[Oisf-users] transforming incompatible SNORT rules into Suricata format
Peter Manev
petermanev at gmail.com
Sat Feb 7 15:21:07 UTC 2015
On Fri, Feb 6, 2015 at 9:15 AM, Earl Eiland <earl.eiland at root9b.com> wrote:
> According to the pfSense forum, there are around 700 SNORT VRT rules
> Suricata cannot parse. Has anyone tried transforming them into Suricata
> format? Or perhaps they are included in the ET rule set?
>
I am not sure what exactly those 700 rules cover, but you
might want to consider mapping them to the ET/ETPro ruleset, which
makes better use of Suricata features.
>
> Best Regards,
>
> Earl Eiland,
> Sr. Cyber Security Engineer,
> Emerging Technologies, root9B,
> San Antonio, Texas
--
Regards,
Peter Manev