Re: Please help me to get Snort rules for Automotive

[Ayan Bandyopadhyay via Snort-sigs <snort-sigs () lists snort org>]

Hi,
Thanks for asking. Let me give you a brief detail of our project:

    We are developing for a SW driven Electric Vehicle. As a major architecture change w.r.t previous Automotive era, 
there will be 4 zonal controllers which are connected in a circular fashion via 10Gbps Ethernet. All other ECUs are 
connected to the Zonal Controllers by different connection types like CAN, MOST, Ethernet etc. One of these 4 Zonal 
controller is working as master and will be connected to internet via 5G wifi. This connection will be used for FOTA 
update and other connected features.
    We are planning to run Snort on this master zonal controller as a Network IDS tool and alert the admin (or log) 
whenever there is any unwanted transaction happens through it. We should consider that all the other Automotive ECUs 
(like Infotainment, Cluster, Body, Power Transmission etc.) will be communicating through this master zonal controller 
to outside world.
    So we are expecting Snort rules which will help us capture typical attacks that can compromise any of the internal 
Automotive ECU or can try to control any of the Zonal controllers. Please let us know if you need further details of 
area.


Thanks & Regards,
Ayan Bandyopadhyay,
Mobile: +91 9836654548

________________________________
From: Snort User <snort.user () gmail com>
Sent: Saturday, October 29, 2022 2:04 AM
To: Ayan Bandyopadhyay <ayan.bandyopadhyay () wipro com>
Cc: snort-sigs () lists snort org <snort-sigs () lists snort org>; Swapnil Rajendra Patil <swapnil.patil31 () wipro com>
Subject: Re: [Snort-sigs] Please help me to get Snort rules for Automotive


CAUTION:This email is received from an external domain. Open the hyperlink(s) & attachment(s) with caution.
.


Ayan,

Does the Automative domains have any specific networking protocols? Can you be a bit more detailed as to what is 
different about Automative domain/field?
For e.g. there are SCADA networks that have specific protocols, and Snort has created preprocessors and rules that are 
specific to that domain.
Does Automative domain fall under that category?





On Thu, Oct 27, 2022 at 1:09 PM Ayan Bandyopadhyay via Snort-sigs <snort-sigs () lists snort org<mailto:snort-sigs () 
lists snort org>> wrote:
Hi,
Please help me to get Snort rules for Automotive.

If you can forward me some link, document to community address who works on Automotive specific Snort rules will be a 
great help.

Thanks & Regards,
Ayan Bandyopadhyay,
Mobile: +91 9836654548
'The information contained in this electronic message and any attachments to this message are intended for the 
exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not 
the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender 
immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted 
via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts 
no liability for any damage caused by any virus transmitted by this email. 
www.wipro.com<https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.wipro.com%2F&data=05%7C01%7Cayan.bandyopadhyay%40wipro.com%7C74c43d3dee9348cd701708dab923d75a%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C638025860851925959%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=gFZiqBPzcjvq4hSSys2HNljA1shJmFAsTk5Rsj1AWFU%3D&reserved=0>'

Internal to Wipro

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org<mailto:Snort-sigs () lists snort org>
https://lists.snort.org/mailman/listinfo/snort-sigs<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.snort.org%2Fmailman%2Flistinfo%2Fsnort-sigs&data=05%7C01%7Cayan.bandyopadhyay%40wipro.com%7C74c43d3dee9348cd701708dab923d75a%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C638025860851925959%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=R7Hsg7pwSUdnWx1XVid2Rt9TajRzkd8j%2FEKS7UhXYwU%3D&reserved=0>

Please visit 
http://blog.snort.org<https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblog.snort.org%2F&data=05%7C01%7Cayan.bandyopadhyay%40wipro.com%7C74c43d3dee9348cd701708dab923d75a%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C638025860851925959%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=2qsmq8TjGGyhw5deR%2BDAA6aK1hLtpQXErkkiV%2Bfu4ag%3D&reserved=0>
 for the latest news about Snort!

Please follow these rules: 
https://snort.org/faq/what-is-the-mailing-list-etiquette<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsnort.org%2Ffaq%2Fwhat-is-the-mailing-list-etiquette&data=05%7C01%7Cayan.bandyopadhyay%40wipro.com%7C74c43d3dee9348cd701708dab923d75a%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C638025860851925959%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=E0ATa%2BE34TejfzFisUCDbqdQIwfK4ZSHew%2BfCjl7rQM%3D&reserved=0>

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" 
https://snort.org/downloads/#rule-downloads<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsnort.org%2Fdownloads%2F%23rule-downloads&data=05%7C01%7Cayan.bandyopadhyay%40wipro.com%7C74c43d3dee9348cd701708dab923d75a%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C638025860852082184%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=rzVQ7Yna6qlMmPILMhSphIuAm4EBIrCGHuoknKoxasQ%3D&reserved=0>">emerging
 threats</a>!
'The information contained in this electronic message and any attachments to this message are intended for the 
exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not 
the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender 
immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted 
via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts 
no liability for any damage caused by any virus transmitted by this email. www.wipro.com'

Internal to Wipro

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!