Snort Official Documentation
The official documentation produced by the Snort team at Sourcefire
| Title | Author |
|---|---|
| Snort Users Manual | Snort Team |
| Snort FAQ | Snort Team |
Snort Users Webinar Series
View recordings of past Snort Users Webinars or download PDF copies of the slides
Installing Snort 2.8.4 on Fedora Core 10: June 12, 2009
In this edition of the Snort Users Webinar Series, Nick Moore, a Security Engineer with Sourcefire, will discuss installing Snort 2.8.4 on Fedora Core 10. Nick’s presentation will cover a basic Snort/BASE installation on a VMware install of FC 10 with:
- MySQL 5.0.77
- Libnet 1.0.2a
- Libpcap 1.0.0
- BASE 1.4.2
- Apache 2.2.11
What’s New in Snort 2.8.4: April 22, 2009
In this webinar, Steve Kane, Snort product manager, and Steve Sturges, Snort development team manager, discuss what’s new in Snort 2.8.4. Snort 2.8.4 introduced a number of new features to improve the detection capabilities and performance of Snort.
Introduction to Snort: February 27, 2008
In this webinar with Ed Mendez, Director of Instructional Design and Development, learn the basic steps necessary to install, configure and use Snort. The session covers:
- Planning a deployment
- Preparing for the install
- Software requirements
- Installing Snort
- Basic Snort operation
- Tuning strategies
Writing Effective Rules, Part I: June 04, 2008
In this latest Snort Users Webinar, Matt Olney of the Sourcefire VRT discusses the VRT’s methodology for writing effective Snort Rules and what you need to know about Snort to take on rule writing. The one-hour session covers:
- Detection theory
- Snort’s architecture
- Rule options available in Snort
Writing Effective Rules, Part II: September 17, 2008
In this session, Matt Olney of the Sourcefire Vulnerability Research Team (VRT) will present Performance Rules Creation: Rules Options and Techniques. Matt will look at several different rule options by examining their use in published VRT rules:
- Detecting buffer overflows with content checks, isdataat, and PCRE
- Detecting attacks against the Kaminsky DNS bug with byte_test
- Parsing variable-sized protocols and using byte_test for buffer overflow detection
- Fun with the content and replace keywords
Common Mistakes with Snort and How to Fix Them: Aug 20, 2008
In this session, Joel Esler, a Sourcefire security consultant and frequent contributor to the Snort community, discusses some of the most common mistakes made when configuring and using Snort and how to fix them. Topics covered in this session will include:
- Snort.conf file
- Variables
- Preprocessors
- Rules
- Barnyard and SnortUnified
Effective Problem Reporting: How to Get Your Problems Noticed and Fixed: February 23, 2009
In this session of the Snort-Users webinar series, Alex Kirk of the Sourcefire VRT discusses how to prepare a Snort rules-related bug report that will enable the VRT to help you solve the problem at hand. Discussion will include:
- Common pitfalls in false positive/negative reporting
- Steps that you should take prior to submitting a bug report for a rule
- A checklist you should use when you’re ready to submit your bug report
Using the Host Attribute Table in Snort: November 12, 2008
This session features Ed Mendez, Director of Courseware Development for the Sourcefire Education Team. Ed will discuss using Snort’s Host Attribute Table. The session will include an overview of what you can do with it and why you might find it useful. It will also discuss how to build the attribute table file and describe the XML structures it uses. Additionally, this session will describe how you can write rules that take advantage of this feature to provide more robust detection capabilities.

