[Snort-sigs] CVE vs VRT Rules

waldo kitty wkitty42 at ...3507...
Tue Jun 25 12:11:49 EDT 2013


On 6/24/2013 23:33, Bandekar, Ravi wrote:
> Hi
>
> So If I give you something like the below to add to the VRT rules, are you able
> to create the custom rules, so we can add it to our environment?
>
> CVE ID CVE-2013-1178
> CVE ID CVE-2013-1179
> CVE ID CVE-2013-1180

someone /might/ be able to but if you have actual traffic concerning those 
rules, you should also be able to grab packet captures (pcaps) of that traffic 
and create the necessary rules yourself...

that's one of the nice features of snort and its rules... if you don't have a 
rule for what you want to detect, you can create it yourself... you may also 
share your self-created rules with others if you desire...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.




More information about the Snort-sigs mailing list