What is Snort?
SNORT® is an open source network intrusion prevention
and detection system utilizing a rule-driven language, which combines
the benefits of signature, protocol and anomaly based inspection
methods. With millions of downloads to date, Snort is the most widely
deployed intrusion detection and prevention technology worldwide and
has become the de facto standard for the industry.

We’re pleased to introduce our first beta release built on the new Snort 3.0 architecture. SnortSP is an open-source platform for running packet-based network security applications, including the Snort 2.8.2.1 detection engine. SnortSP introduces a new shell-based user interface, a multi-threaded execution module, native IPv6 support, performance improvements, and more.
Get more info on SnortSP here.

Snort Users Webcast Series
Writing Effective Rules Part II
In this session Matt Olney of the Sourcefire Vulnerability Research Team (VRT) will present Performance Rules Creation: Rules Options and Techniques. Covers: detecting buffer overflows with content checks and isdataat, and PCRE | detecting attacks against the Kaminsky DNS bug with byte_test | more.
More info and webcast access | download the slides
Common Mistakes with Snort and How to Fix Them
In this latest Snort Users Webcast, Joel Esler, a Sourcefire security consultant and frequent contributor to the Snort community, discusses fixes to some of the most common mistakes made when configuring and using Snort. Covers: Snort.conf file | Variables | Preprocessors | Rules | Barnyard and SnortUnified
View the webcast

Document Spotlight
Sourcefire Vulnerability Research Team (VRT) White Paper
White Paper covering the capabilities and processes followed by the Sourcefire VRT in writing rules.
Get it here.