[Snort-sigs] BleedingSnort rules hits information

Matthew Jonkman matt at ...2436...
Fri Aug 20 12:30:28 EDT 2004


Federico Petronio wrote:
> Hi, recently I posted some rules for detecting XSS and SQL Injection 
> attempts against PHP Nuke, and those rules were added to BleedingEdge.
> 
> Now, I would like to know if I will get any feedback about if those were 
> useful or not (FPs, FNs, correct detections, etc). Is there any place 
> where information about this is published?

Right now it's all word of mouth. But this is a function we're hoping to 
build into the new php interface for bleeding snort. We plan to have 
some sort of voting or confidence factor for the rules.

That'll also depend on participation, but we'll see how it works.

Matt




More information about the Snort-sigs mailing list