[Snort-sigs] CVE vs VRT Rules
wkitty42 at ...3507...
Tue Jun 25 12:11:49 EDT 2013
On 6/24/2013 23:33, Bandekar, Ravi wrote:
> So If I give you something like the below to add to the VRT rules, are you able
> to create the custom rules, so we can add it to our environment?
> CVE ID CVE-2013-1178
> CVE ID CVE-2013-1179
> CVE ID CVE-2013-1180
someone /might/ be able to but if you have actual traffic concerning those
rules, you should also be able to grab packet captures (pcaps) of that traffic
and create the necessary rules yourself...
that's one of the nice features of snort and its rules... if you don't have a
rule for what you want to detect, you can create it yourself... you may also
share your self-created rules with others if you desire...
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
More information about the Snort-sigs