[Snort-sigs] Signature Timestamp?

Dusty Hall halljer at ...1195...
Fri Aug 8 06:20:04 EDT 2003


Matt,

  I guess what I'm trying to get to is this:  Say I'm looking through
some detected alerts on one of my sniffers and I see a ton of a
particular alert... How do I know when this rule/alert was added to the
rule sets (I download new rules each night).  I'm not suggesting adding
Dates to each rule, although that might work, I've just noticed everyone
working on rule documentation and none of this documentation has a date
associated with when it was added to the rule set.  I know you could go
and look at the CVE.. etc. but that doesn't tell you when the rule was
added.  Its not a huge problem, it just seems like there should be some
type of Date associated with each alert.  That is just my $.02 :).

-Dusty

>>> Matt Kettler <mkettler at ...189...> 8/7/2003 4:21:27 PM >>>
At 09:08 AM 8/7/2003 -0500, Dusty Hall wrote:
>This is probably a stupid question but here goes...  why doesn't
anyone
>Timestamp their Signatures?


I guess I can show my ignorance and state that I don't timestamp my 
signatures (and I do have my own custom snort rules), because I did not

know that snort had such a feature.

So what do you mean by timestamping a signature, and can you give an
example?




-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01

_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/snort-sigs




More information about the Snort-sigs mailing list