Snort mailing list archives
Re: Regex Rules
From: "Joel Esler \(jesler\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Wed, 13 Nov 2019 18:50:51 +0000
Hello Tudor, Not sure where you are getting that number, there are currently 9790 rules in the plaintext ruleset that contain pcre. -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com On Nov 13, 2019, at 3:37 AM, Iures, Tudor-Cristian via Snort-sigs <snort-sigs () lists snort org<mailto:snort-sigs () lists snort org>> wrote: Hello everybody, I’m a third year Computer Science student doing a project on regular expressions. The use of regular expressions in Snort is one of my research topics. This paper http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.154.6795&rep=rep1&type=pdf from 2008 is stating that 5549 of 8536 Snort rules are using regular expressions and this source http://www.cs.bham.ac.uk/~hxt/research/rxxr2/ contains a list of 12499 Snort rules using regular expressions. However, the current Snort rules only contains 826 regex rules, considerably less. My question is, why the drop in usage? Thank you, Tudor Iures _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org<mailto:Snort-sigs () lists snort org> https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org<http://blog.snort.org/> for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org<http://snort.org/> to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Regex Rules Iures, Tudor-Cristian via Snort-sigs (Nov 13)
- Re: Regex Rules Joel Esler (jesler) via Snort-sigs (Nov 13)