[Snort-sigs] How does suricata load snort dynamic rules (so_rules)?

刘强 liuqiang40 at ...1318...
Sat Nov 19 02:08:26 EST 2016


The purpose is to show basic IDS ability.
1. DDoS attack
2. SQL injection
3. Web attack
and so on.

Could you please kindly provide some precious advice?

Thanks so much.

At 2016-11-19 12:14:40, "Joel Esler (jesler)" <jesler at ...3865...> wrote:

Which rules are you trying to trigger?

Sent from my iPhone

On Nov 18, 2016, at 10:12 PM, 刘强 <liuqiang40 at ...1318...> wrote:


We need to show a demo to our customer of the IDS ability of Snort.

Where can I find some pcap samples to trigger the rules?

Thanks a lot.

At 2016-11-18 00:06:43, "Joel Esler (jesler)" <jesler at ...3865...> wrote:
It doesn’t.  Suricata cannot load Snort’s Dynamic Ruleset.  

Joel Esler | Talos: Manager | jesler at ...3865...

On Nov 16, 2016, at 9:58 PM, 刘强 <liuqiang40 at ...1318...> wrote:


How can I use the latest suricata to load the latest snort dynamic rules (so_rules)?

Thanks a lot.


