[Request] Snort VRT categories list cleanup
-
Currently, the following categories are empty, abandoned and not coming back:
snort_attack-responses.rules snort_backdoor.rules snort_bad-traffic.rules snort_botnet-cnc.rules snort_chat.rules snort_ddos.rules snort_dns.rules snort_dos.rules snort_experimental.rules snort_exploit.rules snort_finger.rules snort_ftp.rules snort_icmp-info.rules snort_icmp.rules snort_imap.rules snort_info.rules snort_misc.rules snort_multimedia.rules snort_mysql.rules snort_nntp.rules snort_oracle.rules snort_other-ids.rules snort_p2p.rules snort_phishing-spam.rules snort_policy.rules snort_pop2.rules snort_pop3.rules snort_rpc.rules snort_rservices.rules snort_scada.rules snort_scan.rules snort_shellcode.rules snort_smtp.rules snort_snmp.rules snort_specific-threats.rules snort_spyware-put.rules snort_telnet.rules snort_tftp.rules snort_virus.rules snort_voip.rules snort_web-activex.rules snort_web-attacks.rules snort_web-cgi.rules snort_web-client.rules snort_web-coldfusion.rules snort_web-frontpage.rules snort_web-iis.rules snort_web-misc.rules snort_web-php.rules
@bmeeks: On next package update, it would be nice to get rid of this useless clutter in the GUI. Upstream planned to "delete them soon" – 2 years ago - probably not gonna ever happen. ::) It's almost half of the categories pointlessly bloating the GUI list.
Thanks for considering. ;)
P.S. While at it, emerging-rbn-malvertisers.rules and emerging-rbn.rules from ET are also abandoned forever.
-
Yeah, I was hoping upstream would take care of it eventually. Right now I just extract the contents of the rules tarball "as is" from the vendors. Since the cleanup appears to maybe never be happening, I will see about removing them myself.
Bill
-
This change is coded and has been successfully tested. I use a plain text file called deprecated_rules in the base Snort RULES directory to determine which categories are obsolete and should be removed. I built the initial file using @doktornotor's list. Future updates will be as simple as adding the category file name to the text file. This change will be in the next Snort package update which should be out soon.
Bill
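One way to apply a list like the deprecated_rules file described above, as an added example that is not the Snort package's own code. It assumes one file name per line, with blank lines and # comments ignored; the function names and the demo file names are hypothetical.

```shell
#!/bin/sh
# Added example: prune rule category files named in a deprecated list.
# Assumed list format: one file name per line; blank lines and '#' comments ignored.

# prune_deprecated RULES_DIR [LIST_FILE]
# Prints each removed file name; returns 1 if the list cannot be read.
prune_deprecated() {
    rules_dir=$1
    list=${2:-$rules_dir/deprecated_rules}
    [ -r "$list" ] || { echo "cannot read $list" >&2; return 1; }

    # '|| [ -n "$name" ]' keeps a final line that has no trailing newline.
    while IFS= read -r name || [ -n "$name" ]; do
        # Strip CR (list edited on Windows) and surrounding whitespace.
        name=$(printf '%s' "$name" | tr -d '\r' |
               sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $name in
            ''|'#'*) continue ;;                      # blank or comment
            */*|.*)  echo "skipping unsafe entry: $name" >&2
                     continue ;;                      # no paths, no dotfiles
            *.rules) ;;                               # rule category files only
            *)       echo "skipping non-rules entry: $name" >&2
                     continue ;;
        esac
        target=$rules_dir/$name
        # Remove regular files only; a symlink in the rules directory is left alone.
        if [ -f "$target" ] && [ ! -L "$target" ]; then
            rm -f -- "$target" && printf '%s\n' "$name"
        fi
    done < "$list"
}

# Constructed demo: a temp directory with sample files and a sample list.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/snort_finger.rules" "$d/snort_telnet.rules" \
          "$d/snort_example-current.rules" "$d/keep.conf"
    printf '%s\n' '# obsolete categories' 'snort_finger.rules' '' \
        '../keep.conf' 'keep.conf' 'snort_telnet.rules' > "$d/deprecated_rules"
    prune_deprecated "$d"      # prints the two removed category files
    ls "$d"                    # the remaining files are untouched
    rm -rf "$d"
}
```

Entries containing a path separator or not ending in .rules are skipped, so a bad line in the list cannot delete anything outside the set of category files.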
-
This change will be in the next Snort package update which should be out soon.
Excellent, thanks! Going to do the same for Suricata as well?
-
Excellent, thanks! Going to do the same for Suricata as well?
Yeah, I will port the same fixes/features in Snort over to Suricata. The Suricata GUI code was cloned from Snort's anyway, so they share a ton of functions with identical code.
Bill