Snort Setup Guides for Emerging Threats Prevention

Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.

Official Documentation

Snort Users Manual (HTML)

Snort Team

Snort FAQ

Snort Team / Open Source Community

Snort Users Manual

Snort Team

Snort Setup Guides

Snort 2.9.8.x on Fedora 22

William Parker

Snort Setup Guides for Windows

WinSnort.com

Snort 2.9.8.x on Ubuntu 12 LTS and 14 LTS and 15

Noah Dietrich

Snort 2.9.8.x on OpenSuSE 13x

William Parker

Snort 2.9.8.x on CentOS 6.x and 7.x

William Parker

Snort 2.9.8.x on Fedora 17/18/19

William Parker

Snort 2.9.8.x on OpenBSD 5.x

William Parker

Snort 2.9.0.x with PF_RING inline deployment

Metaflows Google Group

Snort 2.9.8.x on NetBSD 5.1.x

William Parker

Snort 2.9.8.x on OpenSuSE 12x

William Parker

Snort StartUp Scripts

Snort Startup Script for OpenSuSE 11.4

William Parker

Snort Startup Script for CentOS

William Parker

Snort Startup Script for Fedora

William Parker

Snort Startup Script for OpenSuSE 12.x

William Parker

Snort Startup Script for OpenBSD 5.x

William Parker

Snort Startup Script for NetBSD 6.x

William Parker

Snort Startup Script for NetBSD 5.x

William Parker

Snort Deployment Guides

RSyslog rate limiting configuration

William Parker

Changing from IDS to IPS with NFQueue

James Lay

Snort IPS Tutorial

Vladimir Koychev

Integrating Snort and AlienVault OSSIM

William Parker

Snort IPS using DAQ AFPacket

Yaser Mansour

How to make some Home Routers mirror traffic to Snort

William Parker

Snort Related Whitepapers

VRT Methodology Whitepaper

Vulnerability Research Team (VRT)

Optimization of Pattern Matches for IDS

Marc Norton

Target Based Fragmentation Reassembly

Judy Novak

HTTP Evasions Revisited

Daniel Roelker

Inline Normalization using Snort 2.9.0

Russ Combs

Using Perfmon and Performance Profiling to Tune Snort Preprocessors and Rules

Steve Sturges

Target Based Stream Reassembly

Judy Novak

Additional Resources

DPX Readme

Snort site

Snort.conf examples

Joel Esler

dpx-1.7.tar.gz

Snort Supported OSes

Joel Esler

Snort VIM Configuration

Victor Roemer

Possible Packet Loss During Reassembly for Snort IDS/IPS Sensors

William Parker

Webcast Slides

OpenAppId Community Webinar

Costas Kleopa

Using the Host Attribute Table in Snort

Intro to Snort

Ed Mendez

Introduction to Snort: Part 1

Nick Moore

Open Source Community Webinar

Joel Esler

OpenAppId Detection Webinar

Costas Kleopa

Writing Effective Rules, Part II

Matt Olney

Pimp My Snort

Leon Ward

Effective Problem Reporting: How to Get Your Problems Noticed and Fixed

Writing Effective Rules, Part I

Matt Olney

Performance Tuning: Rules & Preprocessors

Using Multiconfig

John Gay

Snort Tuning 101

Nick Moore

Latest rule documents - Search

1-30803

BROWSER-IE Microsoft Internet Explorer VML use after free attempt

1-39052

MALWARE-CNC Win.Trojan.Adialer variant outbound connection attempt

1-39051

BLACKLIST DNS request for known malware domain adsl.carpediem.fr - Win.Trojan.Adialer

1-39050

FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0145 attack attempt

1-39049

FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0145 attack attempt

1-39048

FILE-EXECUTABLE TRUFFLEHUNTER TALOS-CAN-0169 attack attempt

©2016 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.

Privacy Policy | Snort License | FAQ | Sitemap

Follow us on twitter