snort rule search in snort.org

The updated VRT Rule Search feature is now live on Snort.org.  Check it out at: http://snort.org/search

Full text search supports the following:
– Single keyword or SID search (ex ? ‘windows’, ‘mysql’, ‘linux’)
– Multiple keyword search (ex ? ‘windows 2000’, ‘mysql 4.10’)
– Multiple keyword search with terms joined by the AND, OR, and NOT boolean operators (ex ? ‘windows AND 2000 NOT xp’)
You can also search by rule fields to narrow your search results.  The available fields are:
– keyword
– cve
– bugtraq
– sid
See the search instructions at: http://snort.org/rule-search-instructions for more information on using the enhanced search capabilities.

For those of you using BASE, keep an eye out for an upcoming release.  Kevin and the BASE team will be updating the direct links back to Snort.org for rules documentation.

Finally, the next enhancement will be to add the ability to search by Microsoft advisory number.  We’ll make an announcement when that feature is enabled.

We’d love your feedback,  please email any comments or enhancement requests to snort-site@sourcefire.com.  Our web developers monitor this list.

Advertisements

About this entry