VRT: APT: Should your panties be in a bunch, and how do you un-bunch them?
I don’t know how to say it any more than this:
Matt Olney wrote a damn, a DAMN good post about APT on the VRT blog, and if you read my blog, and you don’t go over to the VRT blog and [...]
Sourcefire VRT Labs.
For those of you who are using Sourcefire VRT rules to protect your network with your Snort IDS/IPS installation (as you should!): there are mappings from MS vulnerability number to SID number. In the past, you either had to be a Sourcefire customer (we make this super easy in the Policy Editor GUI) [...]
Without going off the deep-end here and discussing every single Snort rule keyword, I just wanted to touch on a few modifiers that people sometimes misunderstand. They aren’t difficult, and hopefully after this explanation and a few examples, I can clear some of the air around these five modifiers.
The five modifiers that I am talking [...]
Hogger is a new Snort supportive tool written in Perl. It takes Nmap output and makes a Host Attribute Table.
via Security – The Global Perspective: Hogging the Snort Host Attribute Table.
I talked about the above here.
Let me start off by saying I’m not bashing the writer of this article, and I’m trying not to be super critical. I don’t want to discourage this person from writing articles about Snort rules. It’s great when people in the Snort community step up and explain some simple things out there. There are mistakes, [...]
Tuning Snort with Host Attribute Tables – CSO Online – Security and Risk.
Here is an article I wrote for CSO magazine; I thought the readers of my blog might like to check it out as well.
I was asked to write a fairly technical article for CSO magazine about Snort. The problem is, which part of Snort [...]
In my To-Do list, I have a section for Blog topics that I think of in $random_place and I want to jot down for brainstorming later. This topic has been on my to-do list for about a year.
I was standing on a stage giving a speech at a military base in about 2004. The people [...]
A while back here on this blog I wrote about PulledPork 0.3.4 being released and about the VRT making the “Connectivity, Balanced, and Security over Connectivity” policies. Also about how you can use PulledPork to automate the updating of your open source Snort rules to take advantage of these recommendations.
Around about the same time VRT put [...]
I know plenty of you that read my blog are interested in Snort Rules, and are always open to the management of Snort rules in an easier fashion. Often, in the past our (our being the ‘Snort Professionals’) recommendation has been “Oinkmaster”. Perl program, pretty stable, kept rules up to date and such. Well, Oinkmaster [...]
Getting Things Done, or “GTD” for short, as I’ve blogged about before, several times, is a method of personal organization with a focus on accomplishing tasks. It’s great for applying to email (Inbox Zero) and it’s great for organization of your personal life (read some of the articles I’ve written before, particularly this one).
Some IDS [...]