Update Snort Rules

Top  Previous  Next

Snort rules are similar to virus signatures, they have to be updated regularly. There are 2 regularly, reasonable rule sources.

 

VRT rules: Vulnerability Research Team rules are the recommended ones. They are maintained directly from Sourcefire and are well tested. You have to sign in for an snort account at snort.org to get the necessary oinkcode. There are 2 possibilities, just registering which is free or paying for the rules ($1800/year). If you have chosen to pay for the rules, you get the rules 5 days earlier as the ones who are just registered.
Community rules: Community rules are rules from users for users. These rules are released regularly, but they are not tested very well. The better choice are the VRT rules.        

 

ATTENTION: In order to use the VRT rules, you have to register at snort.org and get an oinkcode to update the rules.