Snort mailing list archives

Re: Snort Blog: Community Snort Rule Monthly Detection Contest!


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Wed, 9 Mar 2016 15:44:22 +0000

Slight error in this email.  Don’t know how I did that…

... if you write a rule for an ICMP response on the network (for example), we are going to accept it….

should read

….  if you write a rule for an ICMP response on the network (for example), we are not going to accept it….

--
Joel Esler
Manager, Talos Group




On Mar 9, 2016, at 10:12 AM, Joel Esler (jesler) <jesler () cisco com> wrote:


http://blog.snort.org/2016/03/community-snort-rule-monthly-detection.html

Community Snort Rule Monthly Detection Contest!
Here at Snort, we continue to welcome rule submissions to improve community detection. As a thanks to our community, we 
like to reward individuals with some cool “Snort swag” items such as our new “Snorty mug”, hoodies, Snort calendar, and 
other goodies for rule submissions accepted.


Standard rules for submission criteria:

We are accepting signatures into the community ruleset<https://www.snort.org/downloads/#rules> (GPLv2 licensed) via the 
Snort-Sigs mailing list, which anyone may join here:  https://lists.sourceforge.net/lists/listinfo/snort-sigs.

When we receive a signature, we will follow our standard internal procedures (which involves heavy QA of the signature, 
testing, optimization for performance, and perhaps sending the rule out to our internal and external testing groups).

You may reference the Snort Users Manual for general rules questions, as well as discussing it among fellow Snort Rule 
writers on the above list.

The rules are released in the Snort Rule Set and are available to our customers and the Snort community as a whole via 
our normal community rule distribution process, published daily!

We will provide you feedback about how to improve your rules such as what you should or should not do, tips and tricks 
involved with the latest versions of Snort and its keywords, as well as giving the author full attribution for their 
submissions, on the Snort Blog, as well as the AUTHORS file contained in the Community Rule Set tarball.

If you’d like to submit to the Snort ruleset, please email us at research [at] sourcefire.com with your rule and 
research behind it (pcap, ascii dump, references, anything!)

As always, false positive reports belong here: https://snort.org/community, after logging in.

The highest submitter for accepted rules for each month will receive some Snort goodies never before available.  Keep 
in mind that we must accept the rules.  So if you write a rule for an ICMP response on the network (for example), we 
are going to accept it.

We thank the community in advance for rule submissions, as well as continued submission of false positive reports.


--
Joel Esler
Manager, Talos Group




_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
