Step 1

Find the appropriate package for your operating system and install.

Source:
wget https://www.snort.org/downloads/snort/daq-2.0.7.tar.gz
wget https://www.snort.org/downloads/snort/snort-2.9.16.1.tar.gz
tar xvzf daq-2.0.7.tar.gz
cd daq-2.0.7
./configure && make && sudo make install
cd ..
tar xvzf snort-2.9.16.1.tar.gz
cd snort-2.9.16.1
./configure --enable-sourcefire && make && sudo make install

Fedora:
yum install https://www.snort.org/downloads/snort/
yum install https://www.snort.org/downloads/snort/snort-2.9.16.1-1.f32.x86_64.rpm

CentOS:
yum install https://www.snort.org/downloads/snort/
yum install https://www.snort.org/downloads/snort/snort-2.9.16.1-1.centos8.x86_64.rpm

FreeBSD:
pkg install snort

Windows:
execute: Snort_2_9_16_1_Installer.x86.exe

Step 2
Sign up/Subscribe

Sign up and get your Oinkcode. We recommend that everyone subscribe to get the latest detections. For those unable to subscribe, creating an account on Snort.org will still give you access to the registered user rule packages.

Step 3

Stay current with the latest updates using PulledPork

wget https://www.snort.org/downloads/community/community-rules.tar.gz -O community-rules.tar.gz
tar -xvzf community-rules.tar.gz -C /etc/snort/rules
Download the rule package that corresponds to your Snort version, for more information on how to retrieve your Oinkcode.
wget "https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode=<oinkcode>" -O snortrules-snapshot-2983.tar.gz
wget "https://www.snort.org/rules/snortrules-snapshot-3000.tar.gz?oinkcode=<oinkcode>" -O snortrules-snapshot-3000.tar.gz
wget "https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=<oinkcode>" -O snortrules-snapshot-29111.tar.gz
wget "https://www.snort.org/rules/snortrules-snapshot-29130.tar.gz?oinkcode=<oinkcode>" -O snortrules-snapshot-29130.tar.gz
wget "https://www.snort.org/rules/snortrules-snapshot-29141.tar.gz?oinkcode=<oinkcode>" -O snortrules-snapshot-29141.tar.gz
wget "https://www.snort.org/rules/snortrules-snapshot-29150.tar.gz?oinkcode=<oinkcode>" -O snortrules-snapshot-29150.tar.gz
wget "https://www.snort.org/rules/snortrules-snapshot-29151.tar.gz?oinkcode=<oinkcode>" -O snortrules-snapshot-29151.tar.gz
wget "https://www.snort.org/rules/snortrules-snapshot-29160.tar.gz?oinkcode=<oinkcode>" -O snortrules-snapshot-29160.tar.gz
wget "https://www.snort.org/rules/snortrules-snapshot-29161.tar.gz?oinkcode=<oinkcode>" -O snortrules-snapshot-29161.tar.gz
tar -xvzf snortrules-snapshot-<version>.tar.gz -C /etc/snort/rules
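
The rule download in Step 3 as one script, added here as an example and not snort.org's own code: it maps a Snort version to the matching snapshot listed above, passes the Oinkcode to wget on stdin instead of the command line, and checks archive member paths before unpacking as root. The function names, the Oinkcode file argument and the zero-padding of short version strings are assumptions.

```sh
#!/bin/sh
# Added example, not snort.org code. Snapshot numbers are the ones listed on
# this page; the zero-padding rule and the Oinkcode file are assumptions.
SNAPSHOTS="2983 3000 29111 29130 29141 29150 29151 29160 29161"

# snapshot_for VERSION: print the rule package for a Snort version, e.g.
# 2.9.16.1 -> snortrules-snapshot-29161.tar.gz. Shorter versions are padded
# to four components first (2.9.16 -> 2.9.16.0 -> 29160).
snapshot_for() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) echo "invalid version: $1" >&2; return 2 ;;
    esac
    v=$1
    case "$v" in
        *.*.*.*) ;;
        *.*.*)   v="$v.0" ;;
        *.*)     v="$v.0.0" ;;
        *)       v="$v.0.0.0" ;;
    esac
    v=$(printf '%s' "$v" | tr -d '.')
    for s in $SNAPSHOTS; do
        if [ "$s" = "$v" ]; then
            printf 'snortrules-snapshot-%s.tar.gz\n' "$s"
            return 0
        fi
    done
    echo "no rule snapshot listed for Snort $1" >&2
    return 1
}

# paths_safe: read archive member names on stdin; fail if any is absolute or
# has a ".." component, because extraction into /etc/snort runs as root.
paths_safe() {
    while IFS= read -r m; do
        case "$m" in /*|..|../*|*/../*|*/..) return 1 ;; esac
    done
}

# fetch_rules VERSION OINKCODE_FILE: download, check and unpack the package.
# The URL reaches wget on stdin (-i -), keeping the Oinkcode out of argv.
fetch_rules() {
    pkg=$(snapshot_for "$1") || return 1
    code=$(cat "$2") || return 1
    printf 'https://www.snort.org/rules/%s?oinkcode=%s\n' "$pkg" "$code" |
        wget -q -i - -O "$pkg" || return 1
    members=$(tar -tzf "$pkg") || return 1
    printf '%s\n' "$members" | paths_safe || { echo "unsafe path in $pkg" >&2; return 1; }
    tar -xzf "$pkg" -C /etc/snort/rules
}
```

Call it as `fetch_rules 2.9.16.1 /root/.oinkcode`, where the second argument is a hypothetical root-only file that holds nothing but the Oinkcode.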
Step 4
Read Docs

For more details please reference our install guides on the documents page.

What is Snort?
It is an open source intrusion prevention system capable of real-time traffic analysis and packet logging.

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on the name below.
Official Documentation
Snort Team / Open Source Community
Additional Resources
Webcast Slides
Submit a False Positive
Please sign in and click the false positives tab in your account dashboard
Rule Docs
1-43221
This event is generated when activity relating to malware is detected. Impact: Serious. Possible existence of malware on the target host. Details: This activity is indicative of malware activity on a host. In this case the MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server was detected. Ease of Attack: Simple. This may be an indication of a malware infestation.
1-43179
None provided
1-43169
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8496. Impact: CVSS base score 7.5; CVSS impact score 5.9; CVSS exploitability score 1.6; confidentialityImpact HIGH; integrityImpact HIGH; availabilityImpact HIGH. Details: Ease of Attack:
With over 5 million downloads and over 600,000 registered users, it is the most widely deployed intrusion prevention system in the world.