[Snort-sigs] VRT Release 2010-02-23 uses "detection_filter"
jeff-kell at ...922...
Wed Feb 24 10:55:05 EST 2010
On 2/24/2010 10:33 AM, Matt Olney wrote:
> Note: Snort rule packages for Subscribers and Registered Users track
> the latest patch release for any major version. This means that rule
> packages may make use of features that only exist in the latest
> version of Snort. A simple example is: If 2.8.4 is the current version
> of Snort then the snortrules-snapshot-2.8 packages might use features
> not available in 18.104.22.168 and earlier.
If you have a release version set (e.g., snapshot-2.8), might I suggest
that the rules that require the latest-and-greatest incremental features
be supplied in another rules file, e.g., latest-required.rules?
Once you roll the next version (2.9, or whatever) you can split those
out into the proper fileset ownership.
We used to only shoot ourselves in the foot with minor number changes
(2.4 to 2.6 to 2.8) but lately the collateral pedal damage has shifted
to the right :-)
More information about the Snort-sigs