[Oisf-users] Suricata compatability with SNORT VRT rules

Peter Manev petermanev at gmail.com
Sat Feb 7 15:18:54 UTC 2015

On Fri, Feb 6, 2015 at 8:56 AM, Earl Eiland <earl.eiland at root9b.com> wrote:
> Aldeid's Suricata evaluation notes that VRT comparability does not include
> some keywords (file_data, http_raw_uri were mentioned) and that IOFS was
> working integrate them.  The test was in 2011, does Suricata now have all of
> the VRT keywords integrated?

Not all.
Do you have some specific keywords in mind ?
If you do  "suricata --list-keywords" you will be displayed a list of
the currently supported keywords by the engine.

> Best Regards,
> Earl Eiland,
> Sr. Cyber Security Engineer,
> Emerging Technologies, root9B,
> San Antonio, Texas
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity named.  If you are not the
> named addressee you are notified that disclosing, copying, distributing or
> taking any action in reliance on the contents of this information is
> strictly prohibited.  Please notify the sender immediately by email if you
> received this email in error and delete this email from your system. Any
> views or opinions presented in this e-mail are solely those of the author
> and do not necessarily represent those of root9B LLC.
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Training now available: http://suricata-ids.org/training/

Peter Manev

More information about the Oisf-users mailing list