[Snort-sigs] Packet Payload database?
Scott Zawalski
scott.zawalski at ...1089...
Fri May 21 13:51:13 EDT 2004
Is there a database available to the public that has captures of what
some of these rules are looking for? I have looked around and not been
able to find one.
If older rules have broad definitions that later on produce false
positives, people cannot improve them without knowing what the rule was
originally constructed for. With a database like this available it will
help older rules be even more fine-tuned as newer net traffic
(homegrown apps) might incorporate traffic bits that produce false
positives.
I think that something along these lines would fit in perfectly with the
current snort-rules documentation and would be easy to keep up to date.
As new rules come up simply attach the payload you produced it from.
Scott