Snort mailing list archives

Re: How can I find out more about the latest rules?


From: "Brendan Bell (brebell) via Snort-sigs" <snort-sigs () lists snort org>
Date: Fri, 7 Apr 2023 13:23:11 +0000

Raimi,
I believe you will find the information you are looking for here:

https://snort.org/rule-docs/1-61554

________________________________
From: Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of Ito,Raima SL2-AD <ito-raima () mki co jp>
Sent: Wednesday, April 5, 2023 6:48 AM
To: snort-sigs () lists snort org <snort-sigs () lists snort org>
Subject: [Snort-sigs] How can I find out more about the latest rules?


Hi All,

I can't get a HIT on the Rule Doc Search for the number of a recently released Talos Rule. At least, it seems that rule IDs listed in releases up to two months old do not get a HIT.

For example,

-----------------------------------------

https://www.snort.org/advisories/talos-rules-2023-04-04

2023-04-04 12:59:21 UTC

Snort Subscriber Rules Update

Date: 2023-04-04

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

* 1:61554 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AFD.sys privilege escalation attempt (os-windows.rules)

----------------------------------------

Number 61554 is newly included in the signatures, but when I search for it, I don't get any HITs or details. How are Talos Rules managed, and when will users be able to check the details?



Regards,

Raima Ito
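The advisory quoted above documents the listing format ("gid:sid <-> Default rule state <-> Message (rule group)") and the reply gives the rule-doc URL pattern (https://snort.org/rule-docs/1-61554, i.e. gid-sid). The following parser is an added example and is not code from the poster, from Talos or from the Snort project: it turns an update listing into structured entries, builds the rule-doc URL for each SID, and picks out the rules that ship DISABLED so an administrator knows which new signatures will not fire until they are enabled. The first listing line is the one from the advisory on this page; the second line and its "Modified Rules:" section are constructed for the demo (SID 1000001 is in the local-rule range, not a real Talos SID). The parser assumes the state token is a single upper-case word; only DISABLED appears on this page.

```python
"""Parse the rule listing from a Talos 'Snort Subscriber Rules Update' advisory
and derive the per-SID rule-doc URL for each entry (added example, not project code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# One listing line: "* gid:sid <-> STATE <-> message (group.rules)"
# The state token is assumed to be a single non-blank word (e.g. DISABLED).
LINE_RE = re.compile(
    r"^\*\s+(?P<gid>\d+):(?P<sid>\d+)\s+<->\s+(?P<state>\S+)\s+<->\s+"
    r"(?P<msg>.*?)\s+\((?P<group>[^()]+)\)\s*$"
)
# Section headers such as "New Rules:" or "Modified Rules:"
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Rules):\s*$")

RULE_DOCS_BASE = "https://snort.org/rule-docs"  # URL pattern seen in the reply above


@dataclass(frozen=True)
class RuleEntry:
    section: str
    gid: int
    sid: int
    state: str
    message: str
    group: str


def parse_listing(text: str) -> list[RuleEntry]:
    """Return every 'gid:sid <-> state <-> message (group)' line as a RuleEntry,
    tagged with the section header ('New Rules', 'Modified Rules', ...) it sits under."""
    entries: list[RuleEntry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append(RuleEntry(section, int(m["gid"]), int(m["sid"]),
                                     m["state"], m["msg"], m["group"]))
    return entries


def rule_doc_url(entry: RuleEntry) -> str:
    """Build the snort.org rule-doc URL: /rule-docs/<gid>-<sid>."""
    return f"{RULE_DOCS_BASE}/{entry.gid}-{entry.sid}"


def disabled_by_default(entries: list[RuleEntry]) -> list[RuleEntry]:
    """Rules that ship DISABLED and therefore need explicit enabling to alert."""
    return [e for e in entries if e.state == "DISABLED"]


# Constructed sample: first entry is the line quoted in the advisory on this page,
# the 'Modified Rules' section and its SID 1000001 line are made up for the demo.
SAMPLE_LISTING = """\
Snort Subscriber Rules Update
Date: 2023-04-04

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

* 1:61554 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AFD.sys privilege escalation attempt (os-windows.rules)

Modified Rules:

* 1:1000001 <-> ENABLED <-> EXAMPLE constructed entry for parser demo (example.rules)
"""

if __name__ == "__main__":
    for e in parse_listing(SAMPLE_LISTING):
        print(f"[{e.section}] {e.gid}:{e.sid} {e.state:<8} {e.group:<18} {rule_doc_url(e)}")
    print("disabled by default:", [e.sid for e in disabled_by_default(parse_listing(SAMPLE_LISTING))])
```

Run it against a saved copy of an advisory page's listing text; the entries flagged by `disabled_by_default` are the ones to review against the rule-doc URL before deciding whether to enable them in your policy.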
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit Snort.org to subscribe to the official Snort ruleset, and make sure to stay up to date to catch the most emerging threats: https://snort.org/downloads/#rule-downloads
