Netgate Discussion Forum

    Snort book recommendations?

    IDS/IPS
    5 Posts 3 Posters 549 Views
    • billl

      I need to spend some off-screen time learning about Snort. Mostly about preprocessors and rules I think.
      I was just going to throw a dart at one of these three books, but they are all from 2004-2007 (one of them even comes with a disk:)

      • Snort Cookbook: Solutions and Examples for Snort Administrators by Angela Orebaugh 2005
      • Managing Security with Snort and IDS Tools by Christopher Gerg 2004
      • Snort IDS and IPS Toolkit (Jay Beale's Open Source Security) by Brian Caswell 2007

      Will I get misled by these books because they are out of date? Any preferences or better alternatives?
      Thank you!
      Bill

      • NollipfSense @billl

        @billl Just to be sure, did you visit here: https://www.snort.org/#documents
        Any info, dated or not, will help.

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

        • Impatient

          I use the snort user manual from the snort website.

          Most of the "books" I have read tend to gloss over and do not go into enough detail.

          • billl

            Thanks folks!
            snort.org's docs would be my choice for sure, but I don't see them anywhere as an actual book. I've got some time for un-tethered reading but didn't want to print a bunch of stuff out. I'll probably just throw the dart :)

            • billl

              This quote is from back in 2012, from an author of the third, and most recent, book in the list. The final nail in the coffin for me! I'll just stick to the snort.org documents, thanks :)

              From: Joel Esler <jesler () sourcefire com>
              Date: Wed, 25 Jan 2012 12:18:56 -0500
              Author, and the book was outdated when it was published, and people are still buying it and I still receive a check
              from it. But if I could, I'd pull the book from every shelf, because all it does is make my current job as community
              manager harder. It covered Snort version 2.6 and was written during Snort 2.5, if that tells you the age of the book.
              There were several chapters (including several mistakes in my own chapter) that are just plain wrong. I edited
              several chapters of the book, and the changes were so heavy that they deemed I essentially rewrote them, and they
              couldn't publish them as I wrote them because then the original author wouldn't get paid.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.