Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.

Snort Setup Guides
Snort 3.0.3 on CentOS8
Yaser Mansour
Snort 2.9.0.x with PF_RING inline deployment
Metaflows Google Group
Snort 3 on Ubuntu 18 & 19
Noah Dietrich
Snort 3.0.0-a4 on OpenSuSe 42.3
Boris Gomez
Snort 2.9.9.x on OpenSuSE Leap 42.2
Boris Gomez
Snort Setup Guides for Windows
WinSnort.com
Snort 2.9.16.1 on CentOS8
Milad Rezaei
Snort 3 on FreeBSD 11
Yaser Mansour
Snort Deployment Guides
Snort IPS Tutorial
Vladimir Koychev
How to make some Home Routers mirror traffic to Snort
William Parker
RSyslog rate limiting configuration
William Parker
Changing from IDS to IPS with NFQueue
James Lay
Snort IPS using DAQ AFPacket
Yaser Mansour
Snort Related Whitepapers
Using Perfmon and Performance Profiling to Tune Snort Preprocessors and Rules
Steve Sturges
HTTP Evasions Revisited
Daniel Roelker
Target Based Fragmentation Reassembly
Judy Novak
VRT Methodology Whitepaper
Vulnerability Research Team (VRT)
Optimization of Pattern Matches for IDS
Marc Norton
Target Based Stream Reassembly
Judy Novak
Inline Normalization using Snort 2.9.0
Russ Combs
Webcast Slides
Using the Host Attribute Table in Snort
Intro to Snort
Ed Mendez
Effective Problem Reporting: How to Get Your Problems Noticed and Fixed
Using Multiconfig
John Gay
OpenAppId Detection Webinar
Costas Kleopa
Writing Effective Rules, Part II
Matt Olney
Introduction to Snort: Part 1
Nick Moore
Performance Tuning: Rules & Preprocessors
Open Source Community Webinar
Joel Esler
Pimp My Snort
Leon Ward
Writing Effective Rules, Part I
Matt Olney
OpenAppId Community Webinar
Costas Kleopa
Snort Tuning 101
Nick Moore
CONF files
classification.config
Talos
reference.config
Talos
snort.2091101.conf
Talos
Latest rule documents - Search
1-43221
This event is generated when activity relating to malware is detected. Impact: Serious. Possible existance of malware on the target host. Details: This activity is indicative of malware activity on a host. In this case the MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server was detected. Ease of Attack: Simple. This may be an indication of a malware infestation.
1-43179
None provided
1-43169
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8496. Impact: CVSS base score 7.5 CVSS impact score 5.9 CVSS exploitability score 1.6 confidentialityImpact HIGH integrityImpact HIGH availabilityImpact HIGH Details: Ease of Attack:
1-43048
Buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors. Impact: CVSS base score 10.0 CVSS impact score 10.0 CVSS exploitability score 10.0 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE Details: Ease of Attack:
1-42915
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in image conversion, related to parsing offsets in TIFF files. Successful exploitation could lead to arbitrary code execution. Impact: CVSS base score 7.8 CVSS impact score 5.9 CVSS exploitability score 1.8 confidentialityImpact HIGH integrityImpact HIGH availabilityImpact HIGH Details: Ease of Attack:
1-42913
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in image conversion, related to parsing offsets in TIFF files. Successful exploitation could lead to arbitrary code execution. Impact: CVSS base score 7.8 CVSS impact score 5.9 CVSS exploitability score 1.8 confidentialityImpact HIGH integrityImpact HIGH availabilityImpact HIGH Details: Ease of Attack: