[Snort-users] [Snort-sigs] Introduction to Shared Object Rules blog post

Matt Olney molney at ...1935...
Thu Feb 4 18:30:30 EST 2010


One of the reasons Patrick and I have been so quiet here and on the
blog is we've been busting our asses on the SO stuff.  We have some
things coming up to get folks to the point where they can use the SO
rules and hopefully we'll have some SO tools that you guys might think
are useful.  Get your head wrapped around this, and we'll have more
goodies coming up.  We're both really excited about detailing out this
under-utilized feature in Snort.

matt

On Thu, Feb 4, 2010 at 5:48 PM, Patrick Mullen <pmullen at ...1935...> wrote:
> All,
>
> I would like to direct your attention to a blog post that just went up
> that gives an introduction to shared object rules development and the
> snort text rule to shared object rule converter that is available on
> the VRT Labs site (http://labs.snort.org) --
>
> http://vrt-sourcefire.blogspot.com/2010/02/introduction-to-shared-object-rules.html
>
> Please give it a read and let me know what you think.  It's the first
> in a series that is intended to finally provide some documentation
> around SO rules, but as the post states this is an introduction that
> simply goes ahead and puts the idea out there and leaves a lot of
> interpretation to the reader.  My hope is that it spurs discussion, so
> please feel free to comment on the blog, on the list, or to me
> personally.  Questions about why something was done a particular way
> or why something was done (or not done) are welcomed and appreciated.
>
>
> Thanks!
>
> ~Patrick
>
> ------------------------------------------------------------------------------
> The Planet: dedicated and managed hosting, cloud storage, colocation
> Stay online with enterprise data centers and the best network in the business
> Choose flexible plans and management services without long-term contracts
> Personal 24x7 support from experience hosting pros just a phone call away.
> http://p.sf.net/sfu/theplanet-com
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>




More information about the Snort-users mailing list