[Snort-sigs] Snort Blog: Community Snort Rule Monthly Detection Contest!
Joel Esler (jesler)
jesler at ...3865...
Wed Mar 9 10:44:22 EST 2016
Slight error in this email. Don’t know how I did that…
... if you write a rule for an ICMP response on the network (for example), we are going to accept it….
…. if you write a rule for an ICMP response on the network (for example), we are not going to accept it….
Manager, Talos Group
On Mar 9, 2016, at 10:12 AM, Joel Esler (jesler) <jesler at ...3865...<mailto:jesler at ...3865...>> wrote:
Community Snort Rule Monthly Detection Contest!
Here at Snort, we continue to welcome rule submissions to improve community detection. As a thanks to our community, we like to reward individuals with some cool “Snort swag” items such as our new “Snorty mug”, hoodies, Snort calendar, and other goodies for rule submissions accepted.
Standard rules for submission criteria:
We are accepting signatures into the community ruleset<https://www.snort.org/downloads/#rules> (GPLv2 licensed) via the Snort-Sigs mailing list, which anyone may join here: https://lists.sourceforge.net/lists/listinfo/snort-sigs.
When we receive a signature, we will follow our standard internal procedures (which involves heavy QA of the signature, testing, optimization for performance, and perhaps sending the rule out to our internal any external testing groups).
You may reference the Snort Users Manual for general rules questions, as well as discussing it among fellow Snort Rule writers on the above list.
The rules are released in the Snort Rule Set and are available to our customers and the Snort community as a whole via our normal community rule distribution process, published daily!
We will provide you feedback about how to improve your rules such as what you should or should not do, tips and tricks involved with the latest versions of Snort and its’ keywords, as well as giving the author full attribution for their submissions, on the Snort Blog, as well as the AUTHORS file contained in the Community Rule Set tarball.
If you’d like to submit to the Snort ruleset, please email us at research [at] sourcefire.com<mailto:research at ...435...> with your rule and research behind it (pcap, ascii dump, references, anything!)
As always False positive reports belong here: https://snort.org/community, after logging in.
The highest submitter for accepted rules for each month will receive some Snort goodies never before available. Keep in mind that we must accept the rules. So if you write a rule for an ICMP response on the network (for example), we are going to accept it.
We thank the community in advance for rule submissions, as well as continued submission of false positive reports.
Manager, Talos Group
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
Please visit http://blog.snort.org for the latest news about Snort!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs