[Snort-sigs] Rule Migration Cheat Sheet?
Parker_Crook at ...2899...
Wed Dec 22 12:12:11 EST 2010
> There are several new keywords (file_data, byte_extract, http_*) We don't
> have a specific conversion cheat sheet, as the old rule options still work
> fine, the new rule options just allow for clarification of functionality and
> a more specific and efficient rule writing process.
> That being said, I know a lot of you want to get your rules updated to Snort
> 2.9 format, I am just swamped, and I know I won't get to it until late
> January. If anyone from the community wants to write a cheat sheet document,
> we'll review it, I'll put it on the blog, snort.org, and I'll give you a free
> VRT rule subscription for a year.
I've had 2.9 setup in the lab for a while and haven't made the push in production yet for this very reason. I suppose I can take the plunge and start working on it and I will document my findings. I'll get started on this but I'm not sure how long it will take.
More information about the Snort-sigs