Snort mailing list archives
More APT1 info that needs to be made into snort rules
From: Barry Weymes <weymes () fox-it com>
Date: Mon, 4 Mar 2013 14:49:12 +0100
Hello,

I came across a Symantec report today:
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/comment_crew_indicators_of_compromise.pdf

I was wondering if the information within it was made into a VRT rule. However, disappointingly, I can't see any of it being made into rules.

I'm also not sure if this is the right place to be bringing this issue up. Can someone recommend a person within Sourcefire that would have knowledge about the rule generation process?

Cheers

Barry Weymes, MSc. SSCP
Cybercrime Specialist | weymes () fox-it com | Linkedin<http://www.linkedin.com/profile/view?id=43157458>

Olof Palmestraat 6, Delft
P.O. Box 638, 2600 AP Delft
The Netherlands
+31 (0)15 284 79 62
FOX-IT.COM<http://www.fox-it.com/>
Chamber of Commerce Haaglanden (No. 27301624).
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- More APT1 info that needs to be made into snort rules Barry Weymes (Mar 04)
- Re: More APT1 info that needs to be made into snort rules Joel Esler (Mar 04)