[Oisf-users] transforming incompatible SNORT rules into Suricata format

Peter Manev petermanev at gmail.com
Sat Feb 7 15:21:07 UTC 2015

On Fri, Feb 6, 2015 at 9:15 AM, Earl Eiland <earl.eiland at root9b.com> wrote:
> According to the pfSense forum, there are around 700 SNORT VRT rules
> Suricata cannot parse.  Has anyone tried transforming them into Suricata
> format?  Or perhaps they are included in the ET rule set?

I am not sure what exactly those 700 rules cover, but you
might want to consider mapping those to the ET/ETPro ruleset, which
makes better use of Suricata features.

> Best Regards,
> Earl Eiland,
> Sr. Cyber Security Engineer,
> Emerging Technologies, root9B,
> San Antonio, Texas

Peter Manev
