List: snort-sigs
Subject: [Snort-sigs] Snort.org Blog: The Sourcefire VRT Community ruleset is live!
From: Joel Esler <jesler () sourcefire ! com>
Date: 2013-03-27 14:39:51
Message-ID: 6CF09AF3-D161-4470-9BD0-25D36C752679 () sourcefire ! com
http://blog.snort.org/2013/03/the-sourcefire-vrt-community-ruleset-is.html
The Sourcefire VRT Community ruleset is live!
As I discussed last week in my blog post concerning the recent VRT Rule license changes (blog post can be found here: http://blog.snort.org/2013/03/vrt-rule-license-change-v20.html), the community ruleset, something we've been planning here in the VRT, is finally live!
The Community Ruleset is a GPLv2 VRT certified ruleset that is distributed free of charge without the VRT License restrictions, without delay, and without oinkcode restriction. It consists of the original GPLv2 rules (SIDs 3464 and below) as well as any rules that have been submitted to us to date for inclusion in the VRT ruleset.
This ruleset is updated daily and is a subset of the subscriber ruleset. If you are a VRT Subscriber, the community ruleset is already built into your download. The subscriber ruleset will continue to be published on Tuesdays and Thursdays.
If you are a registered user (under the 30-day delay) you may also include this ruleset in your Snort installation to stay current. If there are SID conflicts when Snort starts up between the two rulesets, Snort will always take the higher revision number or "rev". In most cases this will be the community ruleset.
The ruleset is designed for the most recent version of Snort. (As of today, 2.9.4.1) This isn't to say that the ruleset won't function on older versions of Snort, we just design this up to date and living ruleset for the most current version of Snort in production.
There are no shared object rules in the community rulepack.
You may download the Community ruleset by editing your pulledpork.conf and adding the following line to your "rule_url" section:
rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community
The SVN version of pulledpork also contains this functionality, and a new release of pulledpork will be pushed soon.
The authors of the rules in the community ruleset are listed in the AUTHORS file inside the tarball.
If you would like to submit to the community ruleset, you may do so by emailing your rule to vrt [at] sourcefire [dot] com. We require a pcap for the traffic your rule is supposed to detect, and in lieu of a pcap, references, screenshots or something needs to be provided to give us some indication of what your rule is written to fire on.
Rules submitted to the VRT on the Snort-sigs mailing list will also go into the community ruleset with full attribution to the author.
We look forward to working with you all and the many people that have already submitted rules to us in order to make this a vibrant living and breathing ruleset! It's been a long time coming, so thanks for being patient with us!
If there are any questions, please send them to the Snort-sigs mailing list listed above!
--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
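
The SID conflict behaviour described in the message, as an added example (not code from Snort, pulledpork or the VRT): this script parses two rule files and reports, per SID, which ruleset's copy is kept under the stated higher-rev rule, so you can audit which version of a rule will be active. The sample rules, SIDs and function names are constructed; keeping the first-loaded copy when revs are equal is an assumption, since the message does not cover that case.

```python
import re

# Constructed sample rules (not taken from either real ruleset).
REGISTERED = '''\
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"EXAMPLE ftp probe"; content:"USER"; sid:1000001; rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE http probe"; content:"GET"; sid:1000002; rev:7;)
# alert tcp any any -> any 25 (msg:"EXAMPLE disabled rule"; sid:1000003; rev:2;)
'''
COMMUNITY = '''\
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"EXAMPLE ftp probe"; content:"USER "; sid:1000001; rev:5;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE http probe"; content:"GET"; sid:1000002; rev:6;)
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"EXAMPLE dns probe"; sid:1000004; rev:1;)
'''

SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REV_RE = re.compile(r'\brev\s*:\s*(\d+)\s*;')

def parse_rules(text, source):
    """Return {sid: (rev, source)} for each enabled rule that has sid and rev."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):   # skip blanks and disabled rules
            continue
        sid, rev = SID_RE.search(line), REV_RE.search(line)
        if sid and rev:
            rules[int(sid.group(1))] = (int(rev.group(1)), source)
    return rules

def resolve(*rulesets):
    """Merge rulesets; on a SID conflict keep the copy with the higher rev."""
    winners, conflicts = {}, set()
    for rules in rulesets:
        for sid, (rev, source) in rules.items():
            if sid in winners:
                conflicts.add(sid)
                if rev <= winners[sid][0]:     # assumption: a tie keeps the first copy
                    continue
            winners[sid] = (rev, source)
    return winners, sorted(conflicts)

if __name__ == "__main__":
    winners, conflicts = resolve(parse_rules(REGISTERED, "registered"),
                                 parse_rules(COMMUNITY, "community"))
    for sid in conflicts:
        rev, source = winners[sid]
        print(f"sid {sid}: keeping rev {rev} from the {source} ruleset")
```
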