Snort Rules – Download and Installation

Download the Snort Rules

The Snort rule set can be found on the SNORT Community website using the following link:

https://www.snort.org/downloads/#rule-downloads

In the Rules section, under Community, click community-rules.tar.gz to initiate the download.

 

Install the Snort Rules

To install the Snort rules on the LoadMaster, follow the steps below:

  1. On the LoadMaster Web User Interface (WUI) home screen, go to System Configuration > Miscellaneous Options > AFE Configuration. 
  2. In the Intrusion Detection Options section, beside Detection Rules, click Choose File.
  3. Browse to and select the previously download community-rules.tar.gz file.
  4. Click Install new Rules.
  5. Select the desired Detection level.

For more information on the detection levels see the AFE Configuration section of the LoadMaster WUI Configuration Guide). 

 

Deactivate/Activate the Snort Rules

The community-rules.tar.gz file can be modified by commenting out or un-commenting. This can be done by opening the file as an archive using a file archive tool such as 7-Zip:

  1. Open 7-Zip.
  2. Click File and select Open.
  3. Browse to the community-rules.tar.gz file.
  4. Double-click the file to open the archive.
  5. Continue double-clicking until the following files are visible:
    • community.rules
    • AUTHORS
    • LICENSE
    • sid-msg.map
    • VRT-License.txt
  6. Right-click community.rules.
  7. Select Edit to open the file in a text editor (the edit shortcut key is F4).
  8. Search for the desired rule by Signature ID (SID), for example sid:2067
    • To deactivate a rule, comment out the rule the rule by placing a hash symbol (#) at the begging of the line.
    • To activate a rule, un-comment the rule by deleting the # at the begging of the line.
  9. Once the modification is complete click File > Exit to close the text editor.
  10. When prompted to save the file click Yes.
Was this article helpful?

0 out of 0 found this helpful

Comments