
Custom Rules

Hi,

I'm interested in applying some of the "bleeding edge" rules that are published in the Snort mailing lists. These rules seem particularly good for Day 0 attacks.

I've tried a couple of times to map these rules to the "New Rule" page on ASL, but have had no luck.

Can someone help me out?
The "New Rule" setup is looking for three things:
1) Description
2) Selector
3) Filter

Here is an example of a rule that is published:

2001759 || BLEEDING-EDGE Virus Beagle.BK - outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.bk@mm.html

Can someone help me map the three to this rule?

Thanks

