[Snort-devel] xml format samples

Todd Lewis tlewis at ...255...
Wed Feb 7 14:34:36 EST 2001


On 7 Feb 2001, Mike Andersen wrote:

> Nice, but I would like to have more information in the rule (see the
> example I've included).

No objection there; mine was a first draft.

> | 	<bcontent>88042020202020202020202020202020</bcontent>
> 
> It might be an advantage to add information about which encoding that is
> used for the binary content.  Something like:
> 
>    <content encoding="blah">88042020202020202020202020202020</content>

Very cool.

> Here is an example that we are using internally (we are also planning to
> make snort XML aware):

Hey, that's snazzy.  Do you have any documentation or tools for that
format that you'd be willing to share?  We're working on a ruleset
management system, and our boys I'm sure would be interested in seeing
and potentially using something like that.

--
Todd Lewis                                       tlewis at ...120...

  God grant me the courage not to give up what I think is right, even
  though I think it is hopeless.          - Admiral Chester W. Nimitz





More information about the Snort-devel mailing list