[Snort-devel] Snort's modules

Russ Combs rcombs at ...402...
Wed Jul 25 10:49:27 EDT 2012

Snort signatures include decoder and preprocessor alerts which are
primarily how anomalous traffic is detected.  Check the preproc_rules/
directory in the tarball.

On Wed, Jul 25, 2012 at 8:58 AM, Pratik Narang <pratik.cse.bits at ...2499...> wrote:

> Hi all,
> I have been playing around with Snort for a while now. I am beginning to
> wonder that apart from its Signatures being its biggest strength, what else
> are the things on which Snort relies upon? Prima facie, the preprocessor
> modules don't involve signatures - am I right here? Does Snort have an
> Anomaly engine? If not, I would be interested in knowing how all the
> network stuff which cannot be detected via signatures (or you may say that
> I do not wish to use signatures) can be detected with Snort?
> Thanks...