[Snort-sigs] More APT1 info that needs to be made into snort rules

Joel Esler jesler at ...435...
Mon Mar 4 09:21:24 EST 2013


On Mar 4, 2013, at 8:49 AM, Barry Weymes <weymes at ...1166...> wrote:

> Hello,
>  
> I came across a Symantec report today:http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/comment_crew_indicators_of_compromise.pdf
> I was wondering if the information within it was made into a VRT rule. However, disappointingly I cant see any of it being made into rules.
>  
> Im also not sure if this the right place to be bringing this issue up. Can someone recommend a person within sourcefire that would knowledge about the rule generation process?

I've opened a bug to see what we can make!

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20130304/de5e94e2/attachment.html>


More information about the Snort-sigs mailing list