[Snort-sigs] Bleeding snort rules and snortcenter2

John Hally JHally at ...1106...
Sun Mar 20 12:21:27 EST 2005


Thanks Wes,

What file is this in, I can't seem to locate it.

Thanks!

-----Original Message-----
From: Wes Young [mailto:wcyoung at ...2584...] 
Sent: Friday, March 18, 2005 10:01 AM
To: John Hally
Cc: snort-sigs at lists.sourceforge.net
Subject: Re: [Snort-sigs] Bleeding snort rules and snortcenter2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

yup yup

at the top of the rule files headers of the snort ruleset you'll notice
a the following line:

# $Id: rulecat.rules

this is how snortcenter parses its rules into categories... there's a
script in the works to fix that (idealy, grab both rulesets, import them
into snortcenter, and update your rulebase accordingly).

for now, while you are importing rules, make sure you add that idtag to
to the top of the file

John Hally wrote:
| Hello All,
|
|
|
| Has anyone integrated the bleeding snort rule sets into snortcenter2?
| I've played around with it a little bit and it seems that it just dumps
| the bleeding rules into the unknown category.  I'm curious if others
| have made modifications so that they drop into their own "bleeding'
| categories or merged them into the current categories.
|
|
|
|
|
| Thanks in advance!
|

- --
Wes Young
Network Security Analyst
University at Buffalo
GPG Key: http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCOu0Q1M5o0FsrrbERAuAHAKCLKRUO30dxvkQgkpNk+j1blvwSpACgjzj9
Z0cv89QKHaGUWlPxmDl2ScI=
=YTqo
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list