[Snort-users] New snort rule lookup
JHally at ...5637...
Mon Mar 28 22:28:21 EST 2005
At some point I'll probably look at hacking snortcenter2 to do it for me,
'til then, grep it is.
From: Frank Knobbe [mailto:frank at ...9761...]
Sent: Monday, March 28, 2005 4:45 PM
To: John Hally
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] New snort rule lookup
On Mon, 2005-03-28 at 16:06 -0500, John Hally wrote:
> I noticed that the new rule lookup doesn't have the actual rule syntax
> included as it did before. Was this planned? I found that helped a
> LOT when trying to determine if the alert was malicious or not.
My guess would be that the web site is not able to distinguish between
the GPL rules and the VRT rules. Thus the web site does not display the
actual rules anymore. As you recall, you have to sign up for the VRT
That said, "grep 'sid:1234567' *.rules" works just as well. Just take a
look at the Snort rules themselves.
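
Added example, not part of either message: a shell helper for the grep lookup suggested above that matches the SID exactly, since a plain `grep 'sid:1000001'` also hits `sid:10000012` and misses `sid: 1000001`. The function names, the sample file and its rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-match SID lookup over Snort rule files.

# Print "file:line:rule" for every rule in DIR/*.rules whose sid option is exactly SID.
sid_lookup() {
    sid=$1
    dir=${2:-.}
    # Accept digits only, so the argument cannot change the regular expression.
    case $sid in
        ''|*[!0-9]*) echo "usage: sid_lookup <numeric-sid> [rules-dir]" >&2; return 2 ;;
    esac
    # Match "sid:", optional spaces, the exact number, optional spaces, then ";".
    # The leading group stops a match inside a longer option name.
    # /dev/null forces grep to print the file name even with a single rules file.
    grep -En "(^|[^[:alnum:]_])sid:[[:space:]]*${sid}[[:space:]]*;" "$dir"/*.rules /dev/null
}

# Write a constructed rules file (not real Snort rules) into directory $1.
make_sample_rules() {
    cat > "$1/sample.rules" <<'EOF'
alert tcp any any -> any 80 (msg:"CONSTRUCTED sample rule A"; content:"abc"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"CONSTRUCTED sample rule B"; content:"def"; sid:10000012; rev:2;)
# alert tcp any any -> any 25 (msg:"CONSTRUCTED disabled rule C"; content:"ghi"; sid: 1000003 ; rev:1;)
EOF
}

# Demo: look up one SID in a temporary directory holding the sample file.
demo_dir=$(mktemp -d)
make_sample_rules "$demo_dir"
sid_lookup 1000001 "$demo_dir"
rm -rf "$demo_dir"
```

A hit whose rule text starts with `#` means the rule is present in the file but commented out, which is worth knowing when checking why an alert did or did not fire.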