Snort mailing list archives

Snort.org Blog: The Sourcefire VRT Community ruleset is live!


From: Joel Esler <jesler () sourcefire com>
Date: Wed, 27 Mar 2013 10:39:51 -0400


http://blog.snort.org/2013/03/the-sourcefire-vrt-community-ruleset-is.html

The Sourcefire VRT Community ruleset is live!

As I discussed last week in my blog post concerning the recent VRT Rule license changes (blog post can be found here:
http://blog.snort.org/2013/03/vrt-rule-license-change-v20.html), the community ruleset, something we've been planning
here in the VRT, is finally live!

The Community Ruleset is a GPLv2 VRT certified ruleset that is distributed free of charge without the VRT License 
restrictions, without delay, and without oinkcode restriction.  It consists of the original GPLv2 rules (SIDs 3464 and 
below) as well as any rules that have been submitted to us to date for inclusion in the VRT ruleset.

This ruleset is updated daily and is a subset of the subscriber ruleset. If you are a VRT Subscriber, the community 
ruleset is already built into your download.  The subscriber ruleset will continue to be published on Tuesdays and 
Thursdays. 

If you are a registered user (under the 30-day delay) you may also include this ruleset in your Snort installation to
stay current.  If there are SID conflicts when Snort starts up between the two rulesets, Snort will always take the
higher revision number or "rev".  In most cases this will be the community ruleset.

The ruleset is designed for the most recent version of Snort (as of today, 2.9.4.1).  This isn't to say that the
ruleset won't function on older versions of Snort; we just design this up-to-date and living ruleset for the most
current version of Snort in production.

There are no shared object rules in the community rulepack.

You may download the Community ruleset by editing your pulledpork.conf and adding the following line to your "rule_url" 
section:
rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community

The SVN version of pulledpork also contains this functionality, and a new release of pulledpork will be pushed soon.

The authors of the rules in the community ruleset are listed in the AUTHORS file inside the tarball.

If you would like to submit to the community ruleset, you may do so by emailing your rule to vrt [at] sourcefire [dot] 
com.  We require a pcap for the traffic your rule is supposed to detect, and in lieu of a pcap, references, screenshots 
or something needs to be provided to give us some indication of what your rule is written to fire on.

Rules submitted to the VRT on the Snort-sigs mailing list will also go into the community ruleset with full attribution 
to the author.

We look forward to working with you all and the many people that have already submitted rules to us in order to make 
this a vibrant living and breathing ruleset!  It's been a long time coming, so thanks for being patient with us!

If there are any questions, please send them to the Snort-sigs mailing list listed above!
--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
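
The SID conflict behaviour described in the message above (the higher "rev" wins), as an added example that is not part of the original post and is not Snort or pulledpork code: a Python check that reports which SIDs two rule files share and which copy carries the higher rev. The sample rules are constructed, a missing rev is treated as 0 by assumption, and equal revs are reported as ties because the post does not say how those are handled.

```python
import re

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")

def parse_rules(text):
    """Map sid -> rev for every enabled rule line in a rules file's text."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # blank line or disabled rule
            continue
        sid, rev = SID_RE.search(line), REV_RE.search(line)
        if sid is None:
            continue                             # not a rule line
        # A rule with no rev option is treated here as rev 0 (assumption).
        rules[int(sid.group(1))] = int(rev.group(1)) if rev else 0
    return rules

def sid_conflicts(registered, community):
    """Return {sid: (registered_rev, community_rev, winner)} for shared SIDs."""
    report = {}
    for sid in sorted(registered.keys() & community.keys()):
        r, c = registered[sid], community[sid]
        winner = "community" if c > r else "registered" if r > c else "tie"
        report[sid] = (r, c, winner)
    return report

# Constructed sample rules (not taken from either real ruleset).
REGISTERED = '''
alert tcp any any -> any 80 (msg:"EXAMPLE one"; content:"a"; sid:1000001; rev:2;)
alert tcp any any -> any 80 (msg:"EXAMPLE two"; content:"b"; sid:1000002; rev:5;)
# alert tcp any any -> any 80 (msg:"EXAMPLE off"; content:"c"; sid:1000003; rev:1;)
alert tcp any any -> any 80 (msg:"EXAMPLE four"; content:"d"; sid:1000004; rev:3;)
'''
COMMUNITY = '''
alert tcp any any -> any 80 (msg:"EXAMPLE one"; content:"a"; sid:1000001; rev:4;)
alert tcp any any -> any 80 (msg:"EXAMPLE two"; content:"b"; sid:1000002; rev:5;)
alert tcp any any -> any 80 (msg:"EXAMPLE off"; content:"c"; sid:1000003; rev:2;)
'''

if __name__ == "__main__":
    for sid, (r, c, who) in sid_conflicts(parse_rules(REGISTERED),
                                          parse_rules(COMMUNITY)).items():
        print(f"sid {sid}: registered rev {r}, community rev {c} -> {who}")
```

A rule that is commented out in one file does not count as a conflict here, so a SID disabled locally but enabled in the other ruleset is worth reviewing separately.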