Snort detection signatures

I would like to see CAV support Snort detection signatures, such as these - Enterprise Cybersecurity Solutions, Services & Training | Proofpoint US

Best regards

+1 :-TU

I’d like to see Snort support for sure, but that will be mainly NIPS and not only AV.
Kerio used it, I had some home-tuned rules in that, very nice :-))

:slight_smile:

Is this “solution” widely used?
Seems kinda cool…

You're talking about Snort being widely used?
Yes, it is mostly for enterprises because it takes a lot of time and knowledge to “tune” a Snort sensor to only alert on “real” danger. Basically it is a NIDS, a Network Intrusion Detection/Prevention System.

It listens to passing network traffic and looks for patterns that are suspicious, but in a large environment you will also have to deal with a lot of false positives. And you have to verify an alert to make sure it’s not.
So it takes a lot of time to maintain a full Network IDS.

CIS could benefit from a scaled down version of this and block known bad network attacks and “replace” that with their current “Attack Detections” settings/engine.

Sounds like this is über good.
Can I somehow install snort along with CIS?

+1… I vote for it!

Yep, no problem, here is the installer for win32:

http://www.snort.org/dl/binaries/win32/

The “Doc” file from snort on how to install on XP

http://www.snort.org/docs/setup_guides/Snort%20Windows%20XP%20Guide.txt

Have fun playing around.