[Snort-sigs] F5 BIG-IP

Joshua Ox eternity336 at ...2420...
Fri Feb 10 18:18:17 EST 2017


So I'm going to need to look into that further sounds awesome.  How does it
work with Source fire?  I've never seen an option to add objects like that.

On Feb 10, 2017 4:58 PM, "Y M" <snort at ...3751...> wrote:

> This FAQ provides good information about Shared Object Rule:
>
> https://www.snort.org/faq/shared-object-rules
>
> YM
>
>
> ------------------------------
> *From:* eternity336 at ...2420... <eternity336 at ...2420...> on behalf of Joshua
> Ochsankehl <joshua.ochsankehl at ...2420...>
> *Sent:* Saturday, February 11, 2017 1:50:47 AM
> *To:* Y M
> *Cc:* snort-sigs at lists.sourceforge.net
> *Subject:* Re: [Snort-sigs] F5 BIG-IP
>
> Does that mean there is a plugin or process outside of the snort rule
> inspecting the traffic?
>
> On Fri, Feb 10, 2017 at 4:39 PM, Y M <snort at ...3751...> wrote:
>
>> This is a gid:3 signature; a shared object rule. The detection part of a
>> is a compiled object. What you see is the signature stub.
>>
>> YM
>> ------------------------------
>> *From:* Joshua Ochsankehl <joshua.ochsankehl at ...2420...>
>> *Sent:* Saturday, February 11, 2017 1:31:26 AM
>> *To:* snort-sigs at lists.sourceforge.net
>> *Subject:* [Snort-sigs] F5 BIG-IP
>>
>> Snort talos rules 41547-8 don't contain any content and only have
>> commands within metadata.  What is it actually doing?
>>
>> V/R,
>> Joshua "Ox" Ochsankehl
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Snort-sigs mailing list
>> Snort-sigs at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>
>> http://www.snort.org
>>
>> Please visit http://blog.snort.org for the latest news about Snort!
>>
>> Visit the Snort.org to subscribe to the official Snort ruleset, make sure
>> to stay up to date to catch the most <a href="
>> https://snort.org/downloads/#rule-downloads">emerging threats</a>!
>>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
> http://www.snort.org
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
> Visit the Snort.org to subscribe to the official Snort ruleset, make sure
> to stay up to date to catch the most <a href="
> https://snort.org/downloads/#rule-downloads">emerging threats</a>!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20170210/a917e972/attachment.html>


More information about the Snort-sigs mailing list