snortconfig
snortconfig is a rules modification system for Snort that is driven by a configuration file. This allows a user to keep their ruleset updated without too much of a headache. Configuration is done using a basic INI-style configuration file.
snortconfig supports three methods of configuring rules. Each method specifies which rules a change applies to: files, sids, and classifications. This allows broad changes to be made to Snort rules very quickly.
- LICENSE
- EXAMPLE.config - An example for normal users
- HONEYNET.config - An example for honeynet users
- snortconfig.8 - snortconfig manual
NOTE
snortconfig is an executable provided by a Snort parsing module that I am maintaining. It is installed with the distribution of Net::Snort::Parser.
Latest Changes
- Support for location keywords (http_uri, http_cookie, etc.) available in Snort 2.8.3
- Support sub content options available in Snort 2.8.30 (Example: content:"foo", nocase;)
- Stricter verification of logically unacceptable operations; for example, thresholding rules should never be dropped
- Removes AUTOLOAD
- Slightly faster parsing (1 second per 2000 rules on my mac mini)
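
The three selection methods described above (files, sids, classifications), together with the changelog's check that thresholding rules should never be dropped, as an added Python example that is not snortconfig's own code. The INI section names, the `action` key, the broad-to-specific precedence and the sample rules are assumptions constructed for illustration and are not snortconfig's actual syntax.

```python
import configparser
import re

# Hypothetical INI layout (NOT snortconfig's real syntax): one section per selector.
CONFIG = """
[file:web-attacks.rules]
action = drop
[classification:attempted-recon]
action = drop
[sid:1002]
action = alert
"""

# Constructed sample rules, keyed by the rules file they would live in.
RULES = {
    "web-attacks.rules": [
        'alert tcp any any -> any 80 (msg:"A"; content:"foo"; classtype:web-application-attack; sid:1001;)',
        'alert tcp any any -> any 80 (msg:"B"; content:"bar"; classtype:web-application-attack; sid:1002;)',
    ],
    "scan.rules": [
        'alert tcp any any -> any any (msg:"C"; flags:S; threshold:type limit, track by_src, count 1, seconds 60; classtype:attempted-recon; sid:1003;)',
        'alert icmp any any -> any any (msg:"D"; classtype:attempted-recon; sid:1004;)',
    ],
}

def option(rule, name):
    """Return the value of a rule option such as sid or classtype, or None."""
    m = re.search(rf'[(;]\s*{re.escape(name)}:\s*([^;]+);', rule)
    return m.group(1).strip() if m else None

def apply_config(config_text, rules_by_file):
    """Rewrite rule actions; assumed precedence is file < classification < sid."""
    cfg = configparser.ConfigParser()
    cfg.read_string(config_text)
    out, skipped = {}, []
    for fname, rules in rules_by_file.items():
        out[fname] = []
        for rule in rules:
            sid, ctype = option(rule, "sid"), option(rule, "classtype")
            action = None
            for section in (f"file:{fname}", f"classification:{ctype}", f"sid:{sid}"):
                if cfg.has_section(section):
                    action = cfg[section].get("action", action)
            # Guard: never turn a thresholding rule into a drop rule.
            if action == "drop" and option(rule, "threshold") is not None:
                skipped.append(sid)
                action = None
            out[fname].append(re.sub(r"^\S+", action, rule, count=1) if action else rule)
    return out, skipped

if __name__ == "__main__":
    print(apply_config(CONFIG, RULES))
```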