|
IMPORTANT Rule Download Change |
| June 29th, 2010 under VRT by jonbaer [ Comments: none ]
|
|
According to the VRT blog …
Today the Snort Web Team made a change to the way that Snort rules are downloaded from snort.org. Hopefully this will result in faster downloads for most people. The main thing to note though is that the actual file download links have changed.
First, there is no longer any need to add an “_s” to the rule file in order to get the subscriber pack. Second, the link to the file itself has changed:
Old Link:
http://dl.snort.org/reg-rules/snortrules-snapshot-2860.tar.gz?oink_code=
New Link:
http://www.snort.org/reg-rules/snortrules-snapshot-2860.tar.gz/
You should update your PulledPork and Oinkmaster installations to reflect these changes.
|
|
Solera Networks partners with Sourcefire |
| June 22nd, 2010 under Sourcefire by jonbaer [ Comments: none ]
|
|
Solera Networks, a leading network forensics products and services company, today announced its partnership with Sourcefire, Inc. (Nasdaq:FIRE), the creators of SNORT® and a leader in intelligent Cybersecurity solutions. Solera Networks can now integrate its award-winning network forensics technology directly into Sourcefire’s event analysis. The integration enhances Sourcefire’s packet analysis functionality to include full session capture, which provides detailed forensics for any security event. The partnership enables swift incident response to any security event and provides full detail in the interest of understanding “what happened before and after a security event?”
http://www.soleranetworks.com/news/solera-networks-and-sourcefire-announce-partnership/
http://taosecurity.blogspot.com/2010/06/all-aboard-nsm-train.html
|
|
National Cyber-Security Emergency and Phenomenal Cosmic Power |
| June 15th, 2010 under Notes, Articles by jonbaer [ Comments: none ]
|
|
Matt Olney (of Sourcefire VRT) has read through and analyzed the “Protecting Cyberspace as a National Asset Act of 2010” (pdf), a 199-page piece of legislation introduced by Senator Lieberman (I-CT) along with Senator Susan Collins (R-ME) and Senator Thomas Carper (D-DE). It is an excellent review of the bill.
Click here to read his entire post
|
|
Snorby VMware Appliance (Cryptolife) |
| June 14th, 2010 under Tools, Releases by jonbaer [ Comments: none ]
|
|
The Snorby virtual appliance provides a preconfigured, out-of-the-box Snorby front-end for Snort, the popular intrusion detection system. The Snorby interface is developed by Dustin Webber. This appliance is intended for security professionals with in-depth knowledge of intrusion detection and security monitoring. Nevertheless, beginners can use the appliance to understand and learn about intrusion detection and network security.
Click here for notes and download
|
|
Project Razorback™ (formerly known as Near Real-Time Detection) |
| June 14th, 2010 under Articles, Sourcefire, Tools, White papers by jonbaer [ Comments: none ]
|
|
Near Real-Time Detection (Razorback) is the result of extensive research into detection of attacks hidden inside numerous layers of compression, obfuscation, and evasion techniques across multiple file formats. Razorback in its current form is a plugin to the Snort detection engine. Razorback addresses the issues with file format parsing by separating selected file types from transmitted data, which are then passed to additional detection engines either on local or distributed remote system(s). The intention is for the system to be extensible and not necessarily be a plugin for Snort.

Future development plans include providing Snort with automatic detection rule updates that an IPS deployment of Snort can use to protect the private network along with further enhancements aimed at data leak prevention. The system will also use templates to describe file types and a simple rule language to detect attacks.
Click here for code and presentation
|
| |