[Snort-sigs] Introduction to Shared Object Rules blog post

Patrick Mullen pmullen at ...435...
Thu Feb 4 17:48:37 EST 2010


I would like to direct your attention to a blog post that just went up
that gives an introduction to shared object rules development and the
snort text rule to shared object rule converter that is available on
the VRT Labs site (http://labs.snort.org) --


Please give it a read and let me know what you think.  It's the first
in a series that is intended to finally provide some documentation
around SO rules, but as the post states this is an introduction that
simply goes ahead and puts the idea out there and leaves a lot of
interpretation to the reader.  My hope is that it spurs discussion, so
please feel free to comment on the blog, on the list, or to me
personally.  Questions about why something was done a particular way
or why something was done (or not done) are welcomed and appreciated.



More information about the Snort-sigs mailing list