Sourcefire VRT Labs.
For those of you that are using Sourcefire VRT rules to protect your network with your Snort IDS/IPS installation, (as you should!). There are mappings from MS vulnerability number to SID number, in the past, you either had to be a Sourcefire customer (we make this super easy in the Policy Editor GUI) or you had to be very patient and grep your way through the rules.
However, VRT put these mappings in a super easy to use interface at the link above. Check it out.
Update:
Nigel corrected me, these mappings have always been on Snort.org, VRT just moved the hosting. Duh.
Joel Esler, Sourcefire, Snort, Immunet, ClamAV, Apple, and Network Security. This is my blog.
Subscribe to:
Post Comments (Atom)
Evernote, Omnifocus, and my productivity
Over the past several years my job here at Cisco Talos has changed drastically. I took on new roles, which is awesome and exciting, but in ...

-
Without going off the deep-end here and discussing every single Snort rule keyword, I just wanted to touch on a few modifiers that people so...
-
Let me start off by saying I'm not bashing the writer of this article, and I'm trying not to be super critical. I don't want to...
-
Over the past several years my job here at Cisco Talos has changed drastically. I took on new roles, which is awesome and exciting, but in ...

No comments:
Post a Comment