Today the Snort Web Team made a change to the way that Snort rules are downloaded from snort.org. Hopefully this will result in faster downloads for most people. The main thing to note though is that the actual file download links have changed.
First, there is no longer any need to add an “_s” to the rule file in order to get the subscriber pack. Second, the link to the file itself has changed:
Solera Networks, a leading network forensics products and services company today announced its partnership with Sourcefire, Inc. (Nasdaq:FIRE), the creators of SNORT® and a leader in intelligent Cybersecurity solutions. Solera Networks can now integrate its award-winning network forensics technology directly into Sourcefire’s event analysis. The integration enhances Sourcefire’s packet analysis functionality to include full session capture, which provides detailed forensics for any security event. The partnership enables swift incident response to any security event and provides full detail in the interest of understanding “what happened before and after a security event?”
Matt Olney (of Sourcefire VRT) has read through and analyzed the “Protecting Cyberspace as a National Asset Act of 2010” (pdf), a 199 page piece of legislation introduced by Senator Lieberman (I-CT) along with Senator Susan Collins (R-ME) and Senator Thomas Carper (D-DE). It is an excellent review of the bill.
The Snorby virtual appliance provides a preconfigured out of the box Snorby front-end for snort, the popular intrusion detection system . The Snorby interface is developed by Dustin Webber. This appliance is indicated for security professionals with a depth knowledge of intrusion detection and security monitoring. Nevertheless beginners can use the appliance to to understand and learn about intrusion detection and network security.
Near Real-Time Detection (Razorback) is the result of extensive research into detection of attacks hidden inside numerous layers of compression, obfuscation, and evasion techniques across multiple file formats. Razorback in its current form is a plugin to the Snort detection engine. Razorback addresses the issues with file format parsing by separating selected file types from transmitted data, which are then passed to additional detection engines either on local or distributed remote system(s). The intention is for the system to be extensible and not necessarily be a plugin for Snort.
Future development plans include providing Snort with automatic detection rule updates that an IPS deployment of Snort can use to protect the private network along with further enhancements aimed at data leak prevention. The system will also use templates to describe file types and a simple rule language to detect attacks.
On behalf of the Snort Team at Sourcefire, I’d like to invite you to attend the next session of the Snort Users Webinar Series.
In this webinar Steve Sturges Snort development team manager will discuss Snort Performance Tuning – Rules and Preprocessors
This discussion will focus on guidelines for tuning Snort based on performance statistics from rule and preprocessor profiling and the perfmon preprocessor. It is intended to help Snort administrators when tuning and troubleshooting performance issues. The discussion may also be useful to Snort rule writers for measuring the potential performance impact of their rules
Webinar details:
Date: November 9, 2009
Time: 10:00 AM US Eastern Standard Time (GMT -5:00))
One of the many things that occupy the time of the VRT is reviewing rule performance data, whether that data is internally generated from one of our test environments or received from customer reports. In the “Rule Performance? series of blog posts, we’ll look at the set of issues that encompass the problematic rule constructs that we’ve found most significantly impact the performance of Snort sensors. Hopefully you can use this information to add additional detection capability customized to your environment without adding undue processing load.
Below are 6 screencasts by by Tomasz Kojm discussing: an overview of ClamAV, architecture, deployment and installation, detection mechanism, and troubleshooting.
The New York Snort User Group currently meets on a monthly basis at CipherTechs in downtown New York City to openly discuss network security with a focus on the open source IDS Snort. If you are interested in joining us, please sign up to the mailing list.