Snort mailing list archives

Re: Rules in Snort 2 but not present in Snort 3


From: "Jason Hutchinson (jashutch) via Snort-sigs" <snort-sigs () lists snort org>
Date: Tue, 24 May 2022 20:04:24 +0000

Hello all,
I am looking into reports that indicate "NON-CUSTOM" Snort rules that are present in Snort v2, but are not seen in 
Snort v3.

It is understood that there are changes including, but not limited to:


  1.  Simplified Rule Headers
  2.  http* sticky buffers
  3.  PCRE flag removal
  4.  Matching sub-options
  5.  Urilen rule drop

Just to name a few .....


Additionally, there are features not supported in Snort 3 that were in Snort 2.


  1.  Safesearch
  2.  YouTube EDU
  3.  No TID incident or SI event on blocked event
  4.  No TID incident for monitoring

Along with others ...


So, my specific question is, taking the example two rules below, they can be seen in Snort v2 but not SNORT v3:
"HI_EO_SERVER_INVALID_CHUNK_SIZE"; sid:28; gid:120
"STREAM5_DATA_ON_SYN"; sid:2; gid:129


Is there some sort of reference that may indicate the reason a rule is no longer listed like the ones stated above?  
Something that may indicate a rule is not seen because....


  1.  Changes that reduced the need to have multiple rules where one rule would apply to multiple scenarios
  2.  Rule is no longer included due to features not supported on Snort v3


I apologize if this has been covered somewhere.  The above information was included to show there was some effort to 
look for some sort of resource that would provide the answers...

Thanks everyone.

Jason M. Hutchinson


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!
