[SOLVED] snort rules

Started by Rout3rx, October 29, 2017, 08:17:09 PM

October 29, 2017, 08:17:09 PM Last Edit: October 30, 2017, 09:31:03 AM by franco
Hello,
I updated OPNsense and saw the Snort-compatible rules appear. I set up the plugin, but I cannot install the rules which appear in the Downloads tab in the intrusion system.
What can I do?
I saw a path to this file:
snortrules-snapshot-2990.tar.gz
What is it?

It's a mock default value, you need the proper one and oink code anyway:

https://github.com/opnsense/plugins/blob/master/security/intrusion-detection-content-snort-vrt/src/opnsense/scripts/suricata/metadata/rules/snort-vrt.xml#L126

You find the settings underneath the download tab underneath the rules:

snort_vrt.oinkcode
snort_vrt.rulesfile

As described in https://www.snort.org/oinkcodes


Cheers,
Franco

October 29, 2017, 08:26:24 PM #2 Last Edit: October 29, 2017, 08:38:05 PM by Rout3rx
I set the oinkcode and tried to download, but nothing downloaded.

Thanks, it goes to download after some seconds.

January 06, 2019, 07:59:00 AM #4 Last Edit: January 06, 2019, 08:01:46 AM by peter008
Where do I find the snort-vrt.xml file actually to paste the Oinkcode?

I did not find it under /usr/local/opnsense/scripts/suricata/metadata/rules .

Services: Intrusion Detection: Administration: Tab "Download" at the bottom:

snort_vrt.oinkcode   
snort_vrt.rulesfile


Cheers,
Franco

PS: Don't forget to install the os-intrusion-detection-content-snort-vrt plugin....

Ah, ok, I did not know this plugin yet (came from pfSense where it does not exist).

Works now.

Thanks a lot.