[Snort-users] Rule MANager for Snort V 0.0.3a is out ....
mark at ...5096...
Fri Mar 8 03:47:05 EST 2002
Released RMAN-0.0.3 Alpha last night.
I've added variable handling and auto update of variables
on multiple remote sensors to rman. This allows a 'sensor grid'
wide default with per sensor variations and automatic update.
(Oh and fixed a few bugs as well).
This is the first stage in being able to handle per group
variations as well so that you can have one rule, and for a
particular group on a particular sensor the variable gets
substituted without having to write special rules so that future
updates to a rule apply to all variations .... but you'll have to
wait for 0.0.4 alpha for that.
(i.e. for an ISP - only scan all customer traffic for
Nimda / CodeRed but apply full ruleset to isp's servers)
Can those who have downloaded RMAN drop me a line to let me
know how it's going - it would be great to have some feedback!
(although this might not be the best time to ask for this as I am
about to become a daddy for the second time ;-) !!)
Mark Vevers. mark at ...5096... / mvevers at ...5097...
Internet Backbone Engineering Team
Internet for Learning, Research Machines Plc
More information about the Snort-users