Snort.Conf Samples

AllProjects

SnortConfSamples

The goal of this page is to make a set of sample snort.conf files, and some samples for using other common tools with data from Emerging Threats. These will represent different size and goal installs of snort. We do not intend to provide snort.conf files that you can use without modification or understanding, but guides to help you benefit from the experience of the community as a whole.

We welcome submissions and tips to improve these files, as well as ideas for new types of configs to add.

This page is maintained by JamesMcQuaid

Diagram portraying home network defended by multiple layers of Snort Inline:

What Every Snort User Should Do

What Every Snort User Should Do: What to add to your local ruleset that's not in the main rulesets: http://doc.emergingthreats.net/bin/view/Main/WhatEverySnortUserShouldDo

Want some guidance on using the Emerging Threats Rulesets for the first time? http://doc.emergingthreats.net/bin/view/Main/NewUserGuide

Need tips on writing rules? http://doc.emergingthreats.net/bin/view/Main/SnortSigs101

Suricata is the next generation IDS/IPS engine, and we will be featuring configuration samples in the near future.

HoneywallSamples - includes Honeywall and Smoothwall Snort config files, installation and usage tutorials, and DNS Black hole files for Smoothwall (ideal for home users new to a firewall server)

EmergingFirewallRules

RussianBusinessNetwork (includes resources for blocking the RBN ISP's former customers, and other organized crime networks).

WebBasedResearchTools

SuricataUbuntuSetup

FirekeeperforFirefox

Main

User Reference
ATasteOfTWiki
TextFormattingRules

Signature Reference
WebRss Feed
EmergingFAQ

Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback