[Snort-sigs] no documentation about some rules

Joel Esler (jesler) jesler at ...3865...
Thu Aug 28 11:14:24 EDT 2014

On Aug 28, 2014, at 10:40 AM, Maurizio Di Pietro (Esterna) <m.dipietro at ...3320...944...> wrote:

I have one instance of snort that raises some events. I didn’t find the documentation about them online and in opensource.tar.gz.
All events belong to two categories, malware-cnc.rules and blacklist.rules
For example
27247, 28539, 28805, 29262, 24034, 30833, 23493, 30825, 30842, 30840, 30836, 30827, 30835, 31136, 30260, etc…

Why isn’t there documentation about them?
How can I find information about these events?

I’m a registered user and use rules 2962.

Documentation exists in two forms.  Either as a separate doc (which is what you are talking about), or the links within the rules themselves.  For example, every malware-cnc rule is linked to the sample on Virustotal that generated the traffic that the rule was written off of.

Joel Esler
Open Source Manager
Threat Intelligence Team Lead
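
Added example, not part of the original thread and not Snort project code: one way to pull the `reference:` links the reply mentions out of a rules file for a list of SIDs. The sample rules, SIDs, hash placeholder and the function names `parse_rules` and `lookup` are constructed for illustration; the `url` to `http://` expansion is assumed to follow the stock `reference.config` convention.

```python
import re

# Constructed sample rules (not from the Snort rule set); SIDs are in the local range.
SAMPLE_RULES = r'''
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC constructed example beacon"; flow:to_server,established; content:"/gate.php\;id="; http_uri; reference:url,www.virustotal.com/en/file/EXAMPLE_SHA256/analysis/; classtype:trojan-activity; sid:1000001; rev:2;)
# alert udp $HOME_NET any -> any 53 (msg:"BLACKLIST constructed example domain"; content:"|07|example|04|test|00|"; reference:url,example.test/writeup; sid:1000002; rev:1;)
alert tcp any any -> any any (msg:"constructed rule without references"; sid:1000003; rev:1;)
'''

# Rule header, optional leading '#' (rule shipped disabled), then the option body in parentheses.
RULE_RE = re.compile(r'^(?P<off>#\s*)?(?:alert|drop|log|pass|reject|sdrop)\s.*?\((?P<opts>.*)\)\s*$')

def parse_rules(text):
    """Return {sid: {"msg", "enabled", "refs"}} for every rule found in text."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        info = {"msg": "", "enabled": m.group("off") is None, "refs": []}
        sid = None
        # Options end with ';'. A literal ';' inside content/msg is escaped as '\;'.
        for opt in re.split(r'(?<!\\);', m.group("opts")):
            key, _, val = opt.strip().partition(":")
            val = val.strip()
            if key == "sid":
                sid = int(val)
            elif key == "msg":
                info["msg"] = val.strip('"')
            elif key == "reference":
                system, _, ref = val.partition(",")
                # Assumption: 'url' references expand to http://<value>; others are kept raw.
                info["refs"].append("http://" + ref if system == "url" else f"{system}:{ref}")
        if sid is not None:
            rules[sid] = info
    return rules

def lookup(sids, rules):
    """Map each alerting SID to its parsed rule, or None if the file does not contain it."""
    return {sid: rules.get(sid) for sid in sids}

if __name__ == "__main__":
    for sid, info in lookup([1000001, 1000002, 42], parse_rules(SAMPLE_RULES)).items():
        print(sid, info)
```

To use it on a real rule set, pass the contents of `malware-cnc.rules` and `blacklist.rules` to `parse_rules` and the alerting SIDs to `lookup`.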