[Snort-users] Emerging Threats Rules
sethsec at ...11827...
Thu Oct 23 10:40:23 EDT 2008
On Wed, Oct 22, 2008 at 7:05 PM, Jefferson, Shawn
<Shawn.Jefferson at ...14448...> wrote:
> I was wondering what the best method of implementing the Emerging Threats
> rules on a snort machine is? I'm using Snort with MySQL, Barnyard and BASE.
> I've got my snort machine downloading the Emerging Threats rules everyday,
> and I just put an include for each ET rule file in the snort.conf file. Is
> this the best way to handle it?
Yes it is.
> Also, I noticed that in BASE, I am not seeing the SID name, and I'm assuming
> that is because I am not telling the system to look at the ET sid.msg file.
> What's the best way to deal with that?
Use create-sidmap.pl (http://oinkmaster.sourceforge.net/download.shtml).
Run it after you run oinkmaster, but before you restart snort.
Ex: /path/to/create-sidmap.pl /etc/snort/rules/ > /etc/snort/rules/sid-msg.map
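The update order the reply describes (oinkmaster, then create-sidmap.pl, then restart Snort), as an added example that is not from the original thread. The awk map builder is a stand-in for create-sidmap.pl so the script runs without the Perl tool; all paths and the sample rules are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread: refresh Emerging Threats rules with
# oinkmaster, then regenerate sid-msg.map before Snort restarts so Barnyard/BASE
# can resolve ET SIDs to messages. All paths are assumptions for a typical install.
set -eu

RULES_DIR="${RULES_DIR:-/etc/snort/rules}"
SIDMAP="$RULES_DIR/sid-msg.map"

# Emit "sid || msg || ref..." lines for every enabled rule in dir/*.rules.
# Small awk stand-in for create-sidmap.pl so the example runs without the Perl
# script; in production use create-sidmap.pl itself as the reply suggests.
build_sidmap() {
    cat "$1"/*.rules 2>/dev/null | awk '
        /^[ \t]*#/ { next }                              # commented-out rule
        /[ \t]sid:[ \t]*[0-9]+;/ {
            sid = $0; sub(/.*[ \t]sid:[ \t]*/, "", sid); sub(/;.*/, "", sid)
            msg = $0; sub(/.*msg:[ \t]*"/, "", msg); sub(/".*/, "", msg)
            line = sid " || " msg; rest = $0
            while (match(rest, /reference:[^;]*;/)) {    # append each reference
                line = line " || " substr(rest, RSTART + 10, RLENGTH - 11)
                rest = substr(rest, RSTART + RLENGTH)
            }
            print line
        }' | sort -n -u
}

# Constructed sample rules (not real ET signatures) for a stand-alone run.
sample_rules_dir() {
    d=$(mktemp -d)
    printf '%s\n' \
      'alert tcp any any -> any 80 (msg:"SAMPLE WEB rule"; reference:url,example.test/a; sid:9000001; rev:1;)' \
      '# alert tcp any any -> any 80 (msg:"SAMPLE disabled"; sid:9000002; rev:1;)' \
      > "$d/sample.rules"
    echo "$d"
}

# Order matters: update rules, rebuild the map, then restart Snort (Barnyard
# reads the new map on its next start). Run this from cron after the ET download.
update_et_rules() {
    oinkmaster -C /etc/oinkmaster.conf -o "$RULES_DIR"       # fetch/merge ET rules
    build_sidmap "$RULES_DIR" > "$SIDMAP.new"
    [ -s "$SIDMAP.new" ] || { echo "empty sid-msg.map, not installing" >&2; return 1; }
    mv "$SIDMAP.new" "$SIDMAP"
    snort -T -c /etc/snort/snort.conf                          # config sanity check
    /etc/init.d/snort restart
}
```

Calling `build_sidmap "$(sample_rules_dir)"` prints one map line for the enabled sample rule and skips the commented-out one.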