[Snort-devel] DDL for snort rules in a DB
Kreimendahl, Chad J
Chad.Kreimendahl at ...1167...
Thu Sep 19 09:50:05 EDT 2002
It's been mentioned a few times very recently, and so our company would
like to contribute a bit of data structure to the snort project.
We've been using this structure (with other tables), to generate rules
files for our different sensors. The header part of it all is fairly
unsophisticated, and the rules parts should be sufficient. We'd love to
offer our services to make snort load its config from a DB.
The tables are:

Contains all required bits of information, and similar items that may
appear only once.

Contains all rule flags (but for msg: sid: rev: priority: class:)
ordered by their entry.

Extra table that contains a list of groups (similar to the files out
there now (web-misc.rules...)) that associate to a rule. This should
allow for people to create management tools that are familiar to the
environment they use today (vi anyone?).

Contains the header information for the sensor config (preprocessors
and such). Is currently just a large text field, but would like it to be

Contains a list of the variables used in config.

Contains a list of variables to be changed in config (overwrites global

Contains basic policy information.

Links rules into a policy... So that a policy containing a set of
common rules may be applied across multiple sensors... While still
allowing the sensors to have their own variables and such.

Links a sensor to a policy (set of rules).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3805 bytes
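
Added example, not part of the original post or its scrubbed attachment: a sketch of how rows like those described above could be assembled into a per-sensor rules file, with sensor variables overriding global ones and rule options emitted in their stored order. Every table and column name is an assumption (the post's own names did not survive in this archive), and the sample rows are constructed.

```python
import sqlite3

# Hypothetical schema: all table and column names are assumptions.
SCHEMA = """
CREATE TABLE rule(sid INTEGER PRIMARY KEY, rev INTEGER, msg TEXT, header TEXT);
CREATE TABLE rule_option(sid INTEGER, ord INTEGER, keyword TEXT, value TEXT);
CREATE TABLE policy_rule(policy_id INTEGER, sid INTEGER);
CREATE TABLE sensor(sensor_id INTEGER PRIMARY KEY, name TEXT, policy_id INTEGER);
CREATE TABLE global_var(name TEXT PRIMARY KEY, value TEXT);
CREATE TABLE sensor_var(sensor_id INTEGER, name TEXT, value TEXT);
"""
# Constructed sample data: two rules, two policies, two sensors sharing policy 1.
SAMPLE = """
INSERT INTO rule VALUES
  (1000001, 2, 'Example admin path probe', 'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80'),
  (1000002, 1, 'Example rule outside policy 1', 'alert tcp any any -> any 23');
INSERT INTO rule_option VALUES (1000001, 2, 'nocase', NULL), (1000001, 1, 'uricontent', '"/admin"');
INSERT INTO policy_rule VALUES (1, 1000001), (2, 1000002);
INSERT INTO sensor VALUES (1, 'dmz', 1), (2, 'lab', 1);
INSERT INTO global_var VALUES ('EXTERNAL_NET', 'any'), ('HTTP_SERVERS', '10.0.0.0/8');
INSERT INTO sensor_var VALUES (1, 'HTTP_SERVERS', '192.0.2.10/32');
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + SAMPLE)
    return db

def render_rules(db, sensor_name):
    """Return the rules file text for one sensor."""
    sensor_id, policy_id = db.execute(
        "SELECT sensor_id, policy_id FROM sensor WHERE name = ?", (sensor_name,)).fetchone()
    # Global variables first, then per-sensor values overwrite them.
    variables = dict(db.execute("SELECT name, value FROM global_var"))
    variables.update(db.execute(
        "SELECT name, value FROM sensor_var WHERE sensor_id = ?", (sensor_id,)))
    lines = [f"var {name} {value}" for name, value in sorted(variables.items())]
    rules = db.execute(
        "SELECT r.sid, r.rev, r.msg, r.header FROM rule r JOIN policy_rule p ON p.sid = r.sid "
        "WHERE p.policy_id = ? ORDER BY r.sid", (policy_id,)).fetchall()
    for sid, rev, msg, header in rules:
        opts = [f'msg:"{msg}";']
        for kw, val in db.execute(
                "SELECT keyword, value FROM rule_option WHERE sid = ? ORDER BY ord", (sid,)):
            opts.append(f"{kw};" if val is None else f"{kw}:{val};")
        opts += [f"sid:{sid};", f"rev:{rev};"]
        lines.append(f"{header} ({' '.join(opts)})")
    if any("\n" in line for line in lines):
        raise ValueError("stored value contains a newline and would inject an extra config line")
    return "\n".join(lines) + "\n"
```

The final check refuses to emit a file when any stored field contains a newline, since a database value would otherwise be able to add its own line to the sensor's config.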