Snort mailing list archives

Re: Regex Rules

From: "Joel Esler \(jesler\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Wed, 13 Nov 2019 18:50:51 +0000

Hello Tudor,

Not sure where you are getting that number, there are currently 9790 rules in the plaintext ruleset that contain pcre.


--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com

On Nov 13, 2019, at 3:37 AM, Iures, Tudor-Cristian via Snort-sigs <snort-sigs () lists snort org<mailto:snort-sigs () 
lists snort org>> wrote:

Hello everybody,

I’m a third year Computer Science student doing a project on regular expressions. The use of regular expressions in 
Snort is one of my research topics. This paper 
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.154.6795&rep=rep1&type=pdf from 2008 is stating that 5549 of 
8536 Snort rules are using regular expressions and this source http://www.cs.bham.ac.uk/~hxt/research/rxxr2/ contains a 
list of 12499 Snort rules using regular expressions. However, the current Snort rules only contains 826 regex rules, 
considerably less.

My question is, why the drop in usage?

Thank you,

Tudor Iures

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org<mailto:Snort-sigs () lists snort org>
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org<http://blog.snort.org/> for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org<http://snort.org/> to subscribe to the official Snort ruleset, make sure to stay up to date to 
catch the most <a href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!

Current thread:

Regex Rules Iures, Tudor-Cristian via Snort-sigs (Nov 13)
- Re: Regex Rules Joel Esler (jesler) via Snort-sigs (Nov 13)