Snort mailing list archives
Re: Snort's modules
From: Russ Combs <rcombs () sourcefire com>
Date: Fri, 27 Jul 2012 10:30:05 -0400
On Fri, Jul 27, 2012 at 3:17 AM, Pratik Narang <pratik.cse.bits () gmail com>wrote:
The preproc_rules directory contains decoder.rules, preprocessor.rules and sensitive-data.rules. Surely there must be more to Snort's anomaly detection than these 4 files :) (dependencies, et al.) Where do I start looking? Start looking there and at the normalizer (see the README/manual).
If you think something should be added, please let us know.
Thanks On Wed, Jul 25, 2012 at 8:19 PM, Russ Combs <rcombs () sourcefire com> wrote:Snort signatures include decoder and preprocessor alerts which areprimarilyhow anomalous traffic is detected. Check the preproc_rules/ directory in the tarball. On Wed, Jul 25, 2012 at 8:58 AM, Pratik Narang <pratik.cse.bits () gmail com>wrote:Hi all, I have been playing around with Snort for a while now. I am beginning to wonder that apart from its Signatures being its biggest strength, whatelseare the things on which Snort relies upon? Prima facie, the preprocessor modules don't involve signatures- am I right here? Does Snort have an Anomaly engine?? If not, i would be interested in knowing how all the network stuff which cannot be detected via signatures (or you may saythat Ido not wish to use signatures) can be detected with Snort? Thanks...------------------------------------------------------------------------------Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond.Discussionswill include endpoint security, mobile security and the latest inmalwarethreats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort's modules Pratik Narang (Jul 25)
- Re: Snort's modules Joel Esler (Jul 25)
- Re: Snort's modules Russ Combs (Jul 25)
- Re: Snort's modules Pratik Narang (Jul 27)
- Re: Snort's modules Russ Combs (Jul 27)
- Re: Snort's modules Pratik Narang (Jul 27)
- <Possible follow-ups>
- Snort's modules Pratik Narang (Jul 25)