Snort Setup Guides for Emerging Threats Prevention

Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.

Official Documentation

Snort Users Manual

Snort Team

Snort Users Manual (HTML)

Snort Team

Snort FAQ

Snort Team / Open Source Community

Snort Rule Infographic

Talos

Snort Setup Guides

Snort Setup Guides for Windows

WinSnort.com

Snort 3 Multiple Packet Threads Processing

Yaser Mansour

Snort 2.9.16.1 on CentOS8

Milad Rezaei

Snort 2.9.0.x with PF_RING inline deployment

Metaflows Google Group

Snort 2.9.9.x on OpenSuSE Leap 42.2

Boris Gomez

Snort StartUp Scripts

Snort Startup Script for OpenSuSE 11.4

William Parker

Snort Startup Script for CentOS

William Parker

Snort Startup Script for Fedora

William Parker

Snort Startup Script for OpenBSD 5.x

William Parker

Snort Startup Script for NetBSD 6.x

William Parker

Snort Startup Script for NetBSD 5.x

William Parker

Snort Startup Script for OpenSuSE 12.x

William Parker

Snort Deployment Guides

Snort IPS using DAQ AFPacket

Yaser Mansour

Snort IPS Tutorial

Vladimir Koychev

Changing from IDS to IPS with NFQueue

James Lay

How to make some Home Routers mirror traffic to Snort

William Parker

RSyslog rate limiting configuration

William Parker

Snort Related Whitepapers

Target Based Stream Reassembly

Judy Novak

VRT Methodology Whitepaper

Vulnerability Research Team (VRT)

Inline Normalization using Snort 2.9.0

Russ Combs

Optimization of Pattern Matches for IDS

Marc Norton

Using Perfmon and Performance Profiling to Tune Snort Preprocessors and Rules

Steve Sturges

HTTP Evasions Revisited

Daniel Roelker

Target Based Fragmentation Reassembly

Judy Novak

Additional Resources

Snort VIM Configuration

Victor Roemer

DPX Readme

Snort site

Snort.conf examples

Joel Esler

dpx-1.7.tar.gz

Snort installation and configuration TechByte

Cisco & John Gay

What do the base policies mean?

Joel Esler

Rules Writers Guide to Snort 3 Rules

Yaser Mansour

Snort Supported OSes

Joel Esler

Basics of Snort Rule Writing TechByte

Cisco & Dave McDaniel

Possible Packet Loss During Reassembly for Snort IDS/IPS Sensors

William Parker

Webcast Slides

Writing Effective Rules, Part I

Matt Olney

Performance Tuning: Rules & Preprocessors

Pimp My Snort

Leon Ward

Writing Effective Rules, Part II

Matt Olney

Effective Problem Reporting: How to Get Your Problems Noticed and Fixed

Intro to Snort

Ed Mendez

Using the Host Attribute Table in Snort

OpenAppId Community Webinar

Costas Kleopa

Snort Tuning 101

Nick Moore

Using Multiconfig

John Gay

Open Source Community Webinar

Joel Esler

Introduction to Snort: Part 1

Nick Moore

OpenAppId Detection Webinar

Costas Kleopa

CONF files

snort.2091101.conf

Talos

classification.config

Talos

reference.config

Talos

Snort 3 Setup Guides

Snort 3.1.0.0 on OracleLinux 8

Yaser Mansour

Snort 3.0.0-a4 on OpenSuSe 42.3

Boris Gomez

Snort 3.1.0.0 on CentOS Stream

Yaser Mansour

Snort 3.1.0.0 on Ubuntu 18 & 20

Noah Dietrich

Snort 3 on FreeBSD 11

Yaser Mansour

Latest rule documents - Search

1-56966

This rule triggers if an HTTP request is detected being sent to a cnc server from a Win.Trojan.IceId variant.

1-56965

This rule alerts when an attempt to download an executable matching ClamAV signature Win.Malware.Kovter-9822841-0 is detected

1-56964

This rule alerts when an attempt to download an executable matching ClamAV signature Win.Malware.Kovter-9822841-0 is detected

1-56952

This rule alerts when an attempt to download an executable matching ClamAV signature Win.Packed.Medfos-9822521-0 is detected

1-56951

This rule alerts when an attempt to download an executable matching ClamAV signature Win.Packed.Medfos-9822521-0 is detected

1-56949

This rule alerts when an attempt to download an executable matching ClamAV signature Win.Malware.Stantinko-9822477-0 is detected

©2021 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.

Privacy Policy | Snort License | FAQ | Sitemap

Follow us on twitter