Rules tab – Network Instruments GigaStor 114ff User Manual

Forensic Analysis Profile field descriptions
Chapter 6 Forensic Analysis using Snort
rev. 1

Rules tab

The web site www.snort.org provides Snort rule documentation and
downloadable rule sets. Two kinds of rules are offered there: the
Community Rules, which are available to anyone with a web browser, and
the Vulnerability Research Team (VRT) Certified Rule Set, which is
released in three tiers. The most recent rule updates go to paid
subscribers only; registered non-paying users receive the VRT Rule Set
30 days after subscribers; unregistered users get the snapshots of the
rule set that are bundled with Snort releases. All of the rule sets are
distributed as compressed tar archives; download the desired rule set
and extract the archive to a directory that is accessible to the
Observer console.

Snort only matches what its rules describe, so a rule set older than
the traffic being analyzed will miss attacks whose signatures were
published after the snapshot was taken. For that reason it is
recommended that you eventually register for at least the 30-day
Certified Rule Set; the steps below obtain the Snort release snapshot,
which needs no registration. If you need archive software that can
extract tar files, www.7-zip.org has a free, open source utility that
handles most of the popular archive formats, including tar.

1. Go to www.snort.org. Click the Rules link on the left side banner.
   This displays the VRT rules main page.

2. Click the Download Rules link located on the right side banner.

3. Click the link to Sourcefire VRT Certified Rules (unregistered
   user release).

4. Click the Download button for the most recent unregistered user
   release. Save the file (which should have a name something like
   snortrules-pr-2.4.tar.gz).

5. Extract the rules directory from the archive you downloaded to a
   directory that is accessible to the GigaStor.
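The download-and-extract procedure in steps 1 to 5, as an added example that is not from the GigaStor manual or from snort.org. It is written for a POSIX shell (on Windows the same steps are done with 7-Zip); the archive name, the destination directory and the rule contents are constructed for the demonstration, and the digest passed to verify_md5 is assumed to come from an MD5 sum published alongside the tarball. Beyond the steps themselves it adds the checks worth running before the console is pointed at the result: the compressed stream is intact, no tar member can escape the destination directory, a "rules" directory actually came out, and the rule files contain real rules with no duplicate SIDs.

```shell
#!/bin/sh
# Added example (not from the GigaStor manual or snort.org): unpack a Snort
# rule archive the way step 5 describes, with checks before the result is
# handed to the console. Archive name, paths and rule text are constructed.
set -eu

# Build a small constructed rule set in the same layout as the snort.org
# tarballs: a top-level "rules" directory holding *.rules files.
make_sample_archive() {   # $1 = path of the .tar.gz to write
  work=$(mktemp -d)
  mkdir -p "$work/rules"
  printf '%s\n' \
    'alert tcp any any -> any 23 (msg:"TELNET login attempt"; sid:1000001; rev:1;)' \
    'alert tcp any any -> any 21 (msg:"FTP USER root"; content:"USER root"; sid:1000002; rev:1;)' \
    > "$work/rules/sample-telnet-ftp.rules"
  printf '%s\n' \
    '# comments and blank lines are not rules' \
    '' \
    'alert icmp any any -> any any (msg:"ICMP echo"; itype:8; sid:1000003; rev:2;)' \
    > "$work/rules/sample-icmp.rules"
  tar -czf "$1" -C "$work" rules
  rm -rf "$work"
}

# Compare the downloaded file against a digest obtained separately (the
# expected value is the assumption here). Non-zero exit on mismatch.
verify_md5() {            # $1 = archive, $2 = expected hex digest
  actual=$(md5sum "$1" | cut -d' ' -f1)
  [ "$actual" = "$2" ]
}

# A tar member with an absolute path or a ".." component can write outside
# the destination directory; refuse the whole archive rather than extract it.
archive_paths_are_safe() {   # $1 = archive
  if tar -tzf "$1" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
    return 1
  fi
  return 0
}

# Step 5: integrity check, path check, extract, then confirm the "rules"
# directory the console expects really came out of the archive.
extract_rules() {         # $1 = archive, $2 = destination directory
  gzip -t "$1" || { echo "corrupt archive: $1" >&2; return 1; }
  archive_paths_are_safe "$1" || { echo "unsafe member paths in $1" >&2; return 1; }
  mkdir -p "$2"
  tar -xzf "$1" -C "$2"
  [ -d "$2/rules" ] || { echo "no rules/ directory in $1" >&2; return 1; }
}

# Count lines that are actual rules (Snort 2.x rule actions), not comments.
count_rules() {           # $1 = rules directory
  cat "$1"/*.rules | grep -cE '^(alert|log|pass|activate|dynamic|drop|reject|sdrop) '
}

# Duplicate SIDs make Snort refuse to load the set; print any that repeat.
duplicate_sids() {        # $1 = rules directory
  cat "$1"/*.rules | grep -oE 'sid:[0-9]+' | sort | uniq -d
}

# Run the whole procedure on the constructed archive.
main() {
  tmp=$(mktemp -d)
  archive="$tmp/snortrules-sample.tar.gz"
  make_sample_archive "$archive"
  extract_rules "$archive" "$tmp/snort"
  echo "rules found: $(count_rules "$tmp/snort/rules")"
  dups=$(duplicate_sids "$tmp/snort/rules")
  [ -z "$dups" ] || echo "duplicate sids: $dups"
  rm -rf "$tmp"
}
main "$@"
```

To use it on a real download, replace the call to make_sample_archive with the saved tarball from step 4, pass the published digest to verify_md5, and point extract_rules at the directory the GigaStor can read. The path check matters because tar happily writes to whatever member names the archive carries; an archive obtained over plain HTTP or from a mirror is input you did not author.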
