Re: F5 BIG-IP

[Joshua Ox <eternity336 () gmail com>]

So I'm going to need to look into that further sounds awesome.  How does it
work with Source fire?  I've never seen an option to add objects like that.

On Feb 10, 2017 4:58 PM, "Y M" <snort () outlook com> wrote:

> This FAQ provides good information about Shared Object Rule:
>
> https://www.snort.org/faq/shared-object-rules
>
> YM
>
>
> ------------------------------
> *From:* eternity336 () gmail com <eternity336 () gmail com> on behalf of Joshua
> Ochsankehl <joshua.ochsankehl () gmail com>
> *Sent:* Saturday, February 11, 2017 1:50:47 AM
> *To:* Y M
> *Cc:* snort-sigs () lists sourceforge net
> *Subject:* Re: [Snort-sigs] F5 BIG-IP
>
> Does that mean there is a plugin or process outside of the snort rule
> inspecting the traffic?
>
> On Fri, Feb 10, 2017 at 4:39 PM, Y M <snort () outlook com> wrote:
>
> > This is a gid:3 signature; a shared object rule. The detection part of a
> > is a compiled object. What you see is the signature stub.
> >
> > YM
> > ------------------------------
> > *From:* Joshua Ochsankehl <joshua.ochsankehl () gmail com>
> > *Sent:* Saturday, February 11, 2017 1:31:26 AM
> > *To:* snort-sigs () lists sourceforge net
> > *Subject:* [Snort-sigs] F5 BIG-IP
> >
> > Snort talos rules 41547-8 don't contain any content and only have
> > commands within metadata.  What is it actually doing?
> >
> > V/R,
> > Joshua "Ox" Ochsankehl
> >
> > ------------------------------------------------------------
> > ------------------
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> > _______________________________________________
> > Snort-sigs mailing list
> > Snort-sigs () lists sourceforge net
> > https://lists.sourceforge.net/lists/listinfo/snort-sigs
> >
> > http://www.snort.org
> >
> > Please visit http://blog.snort.org for the latest news about Snort!
> >
> > Visit the Snort.org to subscribe to the official Snort ruleset, make sure
> > to stay up to date to catch the most <a href="
> > https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
> http://www.snort.org
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
> Visit the Snort.org to subscribe to the official Snort ruleset, make sure
> to stay up to date to catch the most <a href="
> https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!