[Snort-devel] Snort's modules

Pratik Narang pratik.cse.bits at ...2499...
Fri Jul 27 03:17:52 EDT 2012

The preproc_rules directory contains decoder.rules, preprocessor.rules
and sensitive-data.rules. Surely there must be more to Snort's anomaly
detection than these 4 files :) (dependencies, et al.) Where do I
start looking?


On Wed, Jul 25, 2012 at 8:19 PM, Russ Combs <rcombs at ...402...> wrote:
> Snort signatures include decoder and preprocessor alerts which are primarily
> how anomalous traffic is detected.  Check the preproc_rules/ directory in
> the tarball.
> On Wed, Jul 25, 2012 at 8:58 AM, Pratik Narang <pratik.cse.bits at ...2499...>
> wrote:
>> Hi all,
>> I have been playing around with Snort for a while now. I am beginning to
>> wonder that apart from its Signatures being its biggest strength, what else
>> are the things on which Snort relies upon? Prima facie, the preprocessor
>> modules don't involve signatures- am I right here? Does Snort have an
>> Anomaly engine?? If not, i would be interested in knowing how all the
>> network stuff which cannot be detected via signatures (or you may say that I
>> do not wish to use signatures) can be detected with Snort?
>> Thanks...
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>> Please visit http://blog.snort.org for the latest news about Snort!

More information about the Snort-devel mailing list