[Snort-sigs] Rule Migration Cheat Sheet?

Hayes, Bert (ISO) bhayes at ...3542...
Tue Dec 21 14:51:40 EST 2010

My apologies if this has already been covered elsewhere; if it has, I sure
can't find it.

I'm upgrading a non-production system from Debian's Snort 2.7 package to
Snort compiled from source.  This system only uses a handful of
custom rules that I've written myself for post-mortem pcap analysis of
malware, etc.  I'm not using VRT, ET, ET Pro, etc.  Just a few rules dumped
from my brain.

I'm aware that there were some big changes in rule syntax as of 2.8.6 (man,
am I aware) but I can't find a concise, coherent explanation of what the
specific changes are.  I can find tons of links re: how to get new and
improved rules that others have written, but nothing that addresses how to
re-write my own rules.

Anybody got a link?  Can it be posted to the Snort blog (I know it's not
exactly timely, but it could help others)?



Bert Hayes, GCIH
Senior Network Security Analyst
University of Texas at Austin
Information Security Office
