[Snort-sigs] How does suricata load snort dynamic rules (so_rules)?

Joel Esler (jesler) jesler at ...3865...
Mon Nov 21 18:22:59 EST 2016


There are lots of places to get pcaps for use in Snort.  The DARPA set, while dated, is a good place to start.  Other repositories like VirusTotal or pcapr.net<http://pcapr.net> are good places to go.

--
Joel Esler | Talos: Manager | jesler at ...3865...<mailto:jesler at ...3865...>






On Nov 19, 2016, at 2:08 AM, 刘强 <liuqiang40 at ...1318...<mailto:liuqiang40 at ...1318...>> wrote:

Hi

The purpose is to show basic IDS ability.
1. DDoS attack
2. SQL injection
3. Web attack
and so on.

Could you please kindly provide some precious advice?

Thanks so much.

At 2016-11-19 12:14:40, "Joel Esler (jesler)" <jesler at ...3865...<mailto:jesler at ...3865...>> wrote:
Which rules are you trying to trigger?

--
Sent from my iPhone

On Nov 18, 2016, at 10:12 PM, 刘强 <liuqiang40 at ...1318...<mailto:liuqiang40 at ...1318...>> wrote:

Hi,

We need to show our customer a demo of the IDS ability of Snort.

Where can I find some pcap samples to trigger the rules?

Thanks a lot.




At 2016-11-18 00:06:43, "Joel Esler (jesler)" <jesler at ...3865...<mailto:jesler at ...3865...>> wrote:
It doesn’t.  Suricata cannot load Snort’s Dynamic Ruleset.


--
Joel Esler | Talos: Manager | jesler at ...3865...<mailto:jesler at ...3865...>






On Nov 16, 2016, at 9:58 PM, 刘强 <liuqiang40 at ...1318...<mailto:liuqiang40 at ...1318...>> wrote:

Hi,

How can I use the latest suricata to load the latest snort dynamic rules (so_rules)?

Thanks a lot.



Large attachment list
snortrules-snapshot-2983.tar[205.6MB]
Go to download page<https://qiye.aliyun.com/alimail/openLinks/downloadMimeMetaDiskBigAttach?id=%2F%23user%2FDzzzzzzNqZx%3B0d2qyL%2FycBwlu77HMcINyQ%2B2WK57VTwEZKPG0RwecJQmUnb%2BBwr6PmOmjudCr%2FeymowAPoL0GD%2B%2BZJVyvnNtWg%3D%3D>



------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net<mailto:Snort-sigs at lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/snort-sigs

http://www.snort.org<http://www.snort.org/>

Please visit http://blog.snort.org<http://blog.snort.org/> for the latest news about Snort!

Visit the Snort.org<http://snort.org/> to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats<https://snort.org/downloads/#rule-downloads>!







