[Snort-sigs] CVE vs VRT Rules

Joel Esler jesler at ...435...
Tue Jun 25 11:33:51 EDT 2013


We place the CVE for each rule it's applicable to in the rule itself.  Searching the Rules section of the Sourcefire GUI or a simple grep through the Open ruleset will tell you which rules for which CVEs there are.

If there are CVEs which we do not have coverage for, we can certainly try and develop coverage for it.  There are many factors to rule creation, but more than likely we'll be able to create coverage for it.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Jun 24, 2013, at 9:05 PM, "Bandekar, Ravi" <Ravi.Bandekar at ...3821...> wrote:

> Hi
>  
> I would like to know how we are able to check if specific CVEs have been added to the VRT rules.
>  
> Thanks.
>  
> Kind Regards
>  
> Ravi Bandekar
> Security Technology Operations 
> Security Operations, Telstra Operations
> <image001.png>
>  
>  
>  
>  
>  
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
> 
> Build for Windows Store.
> 
> http://p.sf.net/sfu/windows-dev2dev_______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
> 
> 
> Please visit http://blog.snort.org for the latest news about Snort!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20130625/9d9393f5/attachment.html>


More information about the Snort-sigs mailing list