Snort mailing list archives
How can I find out more about the latest rules?
From: "Ito,Raima SL2-AD" <ito-raima () mki co jp>
Date: Wed, 5 Apr 2023 10:48:33 +0000
Hi All,

I can't get a HIT on the Rule Doc Search for the number of a recently released Talos Rule.
At least, it seems that rule IDs listed in releases up to two months old are not HIT.

For example,

-----------------------------------------
https://www.snort.org/advisories/talos-rules-2023-04-04
2023-04-04 12:59:21 UTC

Snort Subscriber Rules Update
Date: 2023-04-04

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:
* 1:61554 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AFD.sys privilege escalation attempt (os-windows.rules)
----------------------------------------

61554 Number is newly included in the signatures, but when I search for it, I don't get any HITs or details.

How are Talos Rules managed and when will users be able to check the details?

Regards,
Raima Ito
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!