How to decipher the Oinkcode for Snort's VRT rules

Sourcefire has changed the licensing and distribution of Snort rules, and created the VRT Certified rules, which are tested and certified by the Sourcefire Vulnerability Research Team.

As an end user, you can get these rules in one of three ways:

• Pay a subscription fee to Sourcefire and get the rules as soon as they are released
• Register for free and get the rules five days after they are released to paid subscribers
• Get whatever is current with each release of the Snort engine (in other words, no updates between engine updates, which is not recommended)

There are special considerations if you are a "Snort Integrator." In any case, you need to read the FAQ at Snort.org.

If your organization is a Snort end user, you will almost certainly want to register for free and generate an Oinkcode, which will allow you to download the VRT rules. Once you have read and understood the FAQ, create an account at Snort.org and log in. At the bottom of the Account Settings page you will find a button to generate an Oinkcode, alon...

Your Oinkcode for VRT Certified rules will look like this:
http://www.snort.org/pub-bin/oinkmaster.cgi//

Example for snort 2.3:
http://www.snort.org/pub-bin/oinkmaster.cgi/5a081649c06a277e1022e1284bdc8fabda70e2a4/snortrules-snapshot-2.3.tar.gz

You can also get GPL community rules (free, no registration or Oinkcode required, very limited) from Snort.org

ABOUT THE AUTHOR:

[IMAGE]JP Vossen, CISSP, is a Senior Security Engineer for Counterpane Internet Security. He is involved with various open source projects including Snort, and has previously worked as an information security consultant and systems engineer.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Network Security Tactics,   Network Intrusion Detection and Analysis,   Enterprise Network Security,   Network Intrusion Detection (IDS),   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Security Tactics Screencast: Find rogue wireless acess points with Vistumbler How to prepare for a secure network hardware upgrade Preventing SQL injection attacks: A network admin's perspective Screencast: How to launch an OpenVAS scan Wireless network guidelines for PCI DSS compliance Aligning network security with business priorities Scanning with N-Stalker offers basic Web application security assessment Lifecycle of a network security vulnerability Screencast: BackTrack 4 offers an arsenal of penetration testing tools Network access control technology: Over-hyped or underused? Network Intrusion Detection (IDS) Preventing SQL injection attacks: A network admin's perspective Lifecycle of a network security vulnerability Best Intrusion Prevention and Detection Products Rogue AP containment methods SIMs tools and tactics for business intelligence IPS and IDS deployment strategies Know when you need IDS, IPS or both Trend Micro to acquire Third Brigade for virtualization, cloud security New product aims to control rogue applications that avoid firewalls How to perform a network forensic analysis and investigation Network Intrusion Detection (IDS) Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary computer forensics  (SearchSecurity.com) Diffie-Hellman key exchange  (SearchSecurity.com) Einstein  (SearchSecurity.com) HIDS/NIDS  (SearchSecurity.com) network behavior analysis  (SearchSecurity.com) ultrasound  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.