[Snort-sigs] Snort.org was updated today, with new features!

Joel Esler jesler at ...435...
Wed Nov 3 17:34:44 EDT 2010


Today our web team here at Sourcefire did some updates to both the front and back end of the Snort.org website.  So I just wanted to bring a couple of these features out to the community's attention:

False Positive Reporting Form

We now have the ability for you to submit a false positive report directly to the Vulnerability Research Team (VRT) at Sourcefire via a web form.  The web form will ask you for the following items:

A description of the false positive
A SID and GID for the event
Snort version
Operating System & Version
If Snort was built from source or from a binary package
If you've used any non-standard PCAP libraries
Any command line options passed to Snort
Full Snort Configuration file
Full PCAP (where PCAPs can't be collected, unified log files are acceptable)
Of course, Sourcefire will still monitor the snort-sigs list as well as the #snort channel on the Freenode IRC network; however, this form should give us a more comprehensive look at any false positives reported against the VRT ruleset.

Privacy for False Positives

The information you submit in the False Positive Form can only be viewed by the VRT.  It is transferred to our file storage over a secure connection.

The form is here: https://www.snort.org/uploads, and you'll need to log into the Snort.org website to use the feature.

Command Line Rules Access Instructions

Since we moved the Snort.org website's file transfers to Amazon's S3 cloud architecture, there has been a lot of confusion surrounding the instructions (and file naming) for Snort's rule files and source files.

We have now added instructions to the website on how to download files via wget and curl, so that you can build this into your scripts and use the commands natively.

For the source files:
http://www.snort.org/snort-downloads/cli

For the rules files:
http://www.snort.org/snort-rules/cli

The "Edge rulepack"

Another type of Snort rule pack has been introduced as well.  We are calling this the "edge" rule pack; it tracks the latest work being done by the VRT, so you don't have to change the name of the rulepack file you are downloading with each new release.

snortrules-snapshot-edge.tar.gz will now download the most current versioned rulepack.  For example, if Snort 2861 and 2900 rules are available, "edge" will pull down 2900.

http://www.snort.org/snort-rules/cli#edge
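An added example, not part of this announcement and not taken from the snort.org CLI instructions: a small POSIX shell snippet that reproduces the "edge" choice locally (pick the highest-numbered snapshot from a list of file names) and fetches a rulepack with curl, moving it into place only after a checksum check so a truncated or tampered transfer never replaces the rulepack already in use. BASE_URL and the expected-checksum argument are assumptions; the real download syntax is on the CLI instructions page linked above.

```shell
#!/bin/sh
# Added example, not from the snort.org announcement or its CLI pages.
# BASE_URL and the checksum argument are assumptions: take the real URL
# syntax from http://www.snort.org/snort-rules/cli.

# pick_latest: read rulepack file names on stdin, one per line, and print
# the snapshot with the highest numeric version (e.g. 2900 over 2861).
# This mirrors what the "edge" rulepack does on the server side. Names
# that do not match snortrules-snapshot-<digits>.tar.gz are ignored.
pick_latest() {
    sed -n 's/^snortrules-snapshot-\([0-9][0-9]*\)\.tar\.gz$/\1 &/p' \
        | sort -n -k1,1 \
        | tail -n 1 \
        | cut -d' ' -f2
}

# verify_checksum FILE EXPECTED_SHA256: succeed only if FILE hashes to the
# expected value. The expected digest must come from a trusted place, not
# from the same untrusted download directory.
verify_checksum() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# fetch_rulepack NAME DEST_DIR EXPECTED_SHA256: download $BASE_URL/NAME to a
# temporary file, verify it, then move it into place atomically so the
# rulepack Snort is currently loading is never replaced by a bad download.
fetch_rulepack() {
    name=$1; dest=$2; expected=$3
    tmp="$dest/.$name.part"
    : "${BASE_URL:?set BASE_URL according to the snort.org CLI instructions}"
    if ! curl -fsS -o "$tmp" "$BASE_URL/$name"; then
        rm -f "$tmp"
        echo "download of $name failed" >&2
        return 1
    fi
    if ! verify_checksum "$tmp" "$expected"; then
        rm -f "$tmp"
        echo "checksum mismatch for $name" >&2
        return 1
    fi
    mv "$tmp" "$dest/$name"
}

# Usage (commented out so the file can be sourced without network access):
#   BASE_URL=https://example.invalid/rules   # placeholder, not the real URL
#   fetch_rulepack snortrules-snapshot-edge.tar.gz /etc/snort/rules "$expected_digest"
```

pick_latest is only needed if you mirror several versioned snapshots yourself; against snort.org the edge file name already resolves to the newest version, so the fetch function alone covers the common case.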

These updates are also summarized here:

http://www.snort.org/site/update-20101103

Thanks all for your continued support of Sourcefire and Snort, and we'll continue to make improvements to the website.

If you have any questions, or run into any problems with the above, don't hesitate to contact me (or the list) and we can get them resolved.

Thanks,

Joel Esler
Sourcefire