Snort mailing list archives

How can I find out more about the latest rules?


From: "Ito,Raima SL2-AD" <ito-raima () mki co jp>
Date: Wed, 5 Apr 2023 10:48:33 +0000

Hi All,

I can't get a HIT on the Rule Doc Search for the number of a recently released Talos Rule. At least, it seems that rule IDs listed in releases up to two months old are not HIT.
For example,

-----------------------------------------
https://www.snort.org/advisories/talos-rules-2023-04-04

2023-04-04 12:59:21 UTC
Snort Subscriber Rules Update
Date: 2023-04-04
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:61554 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AFD.sys privilege escalation attempt (os-windows.rules)
----------------------------------------

Number 61554 is newly included in the signatures, but when I search for it, I don't get any HITs or details. How are Talos Rules managed and when will users be able to check the details?

Regards,
Raima Ito
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!
