This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Custom Rules

Hi,

I'm interested in applying some of the "bleeding edge" rules that are published in the snort mailing lists. These rules seem particularly good for Day 0 attacks.

I've tried a couple of times to map these rules to the "New Rule" page on ASL, but have had no luck.

Can someone help me out?
The "New Rule" setup is looking for three things:
1) Description
2) Selector
3) Filter

Here is an example of a rule that is published:

2001759 || BLEEDING-EDGE Virus Beagle.BK - outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.bk@mm.html

Can someone help me map the three to this rule?

Thanks

This thread was automatically locked due to age.

Parents

0 BarryG over 20 years ago

I haven't tried it, but I do see the built-in help has some information and examples.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 20 years ago

I haven't tried it, but I do see the built-in help has some information and examples.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 SalishSwede over 20 years ago in reply to BarryG

I'll look again, but the last time I did, the help examples did not map to those found at large, specifically with the snort bleeding edge updates.

Thanks for the input
Cancel
Vote Up 0 Vote Down

Cancel