[Snort-devel] xml format samples

Todd Lewis tlewis at ...255...
Wed Feb 7 14:34:36 EST 2001

On 7 Feb 2001, Mike Andersen wrote:

> Nice, but I would like to have more information in the rule (see the
> example I've included).

No objection there; mine was a first draft.

> | 	<bcontent>88042020202020202020202020202020</bcontent>
> It might be an advantage to add information about which encoding that is
> used for the binary content.  Something like:
>    <content encoding="blah">88042020202020202020202020202020</content>

Very cool.

> Here is an example that we are using internally (we are also planning to
> make snort XML aware):

Hey, that's snazzy.  Do you have any documentation or tools for that
format that you'd be willing to share?  We're working on a ruleset
management system, and our boys I'm sure would be interested in seeing
and potentially using something like that.

Todd Lewis                                       tlewis at ...120...

  God grant me the courage not to give up what I think is right, even
  though I think it is hopeless.          - Admiral Chester W. Nimitz

More information about the Snort-devel mailing list