Snort book recommendations?


  • I need to spend some off-screen time learning about Snort. Mostly about preprocessors and rules I think.
    I was just going to throw a dart at one of these three books, but they are all from 2004-2007 (one of them even comes with a disk:)

    • Snort Cookbook: Solutions and Examples for Snort Administrators by Angela Orebaugh 2005
    • Managing Security with Snort and IDS Tools by Christopher Greg 2004
    • Snort IDS and IPS Toolkit (Jay Beals Open Source Security) by Brian Casewell 2007

    Will I get misled by these books because they are out of date? Any preferences or better alternatives?
    Thank you!
    Bill


  • @billl Just to be sure, did you visit here: https://www.snort.org/#documents
    Any info dated or not, will help.


  • I use the snort user manual from the snort website.

    Most of the "Book's" I have read tend to gloss over and do not go into enough
    detail.


  • Thanks folks!
    snort.org's docs would be my choice for sure, but I don't see them anywhere as an actual book. I've got some time for un-tethered reading but didn't want to print a bunch of stuff out. I'll probably just throw the dart :)


  • This quote, is from back in 2012 from an author of the third, and most recent, book in the list. The final nail in the coffin for me! I'll just stick to the snort.org documents, thanks :)

    From: Joel Esler <jesler () sourcefire com>
    Date: Wed, 25 Jan 2012 12:18:56 -0500
    Author, and the book was outdated when it was published, and people are still buying it and I still receive a check
    from it. But if I could, I'd pull the book from every shelf, because all it does is make my current job as community
    manager harder. It covered Snort version 2.6 and was written during Snort 2.5, if that tells you the age of the book.
    There were several chapters (including several mistakes in my own chapter) that are just plain wrong. I edited
    several chapters of the book, and the changes were so heavy that they deemed I essentially rewrote them, and they
    couldn't publish them as I wrote them because then the original author wouldn't get paid.