Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.

Documentation
official test doc
Nicolette Verbeck
This is a test document for rails 4.2
Nicolette Verbeck
Test by winnie
Official Documentation
Snort User Manual
Snort Team
Preprocessor Documentation

All preprocessor docs from the Snort tarball are linked here for simple indexing and reading. Download these documents individually from the snort-faq repository.


README.GTP
README.PLUGINS
README.PerfProfiling
README.SMTP
README.UNSOCK
README.WIN32
README.active
README.alert_order
README.asn1
README.counts
README.csv
README.daq
README.dcerpc2
README.decode
README.decoder_preproc_rules
README.dnp3
README.dns
README.event_queue
README.file
README.file_ips
README.filters
README.flowbits
README.frag3
README.ftptelnet
README.gre
README.ha
README.http_inspect
README.imap
README.ipip
README.ipv6
README.modbus
README.multipleconfigs
README.normalize
README.pcap_readmode
README.pop
README.ppm
README.reload
README.reputation
README.rzb_saac
README.sensitive_data
README.sfportscan
README.sip
README.ssh
README.ssl
README.stream5
README.tag
README.thresholding
README.unified2
README.variables
Latest rule documents - Search
1:64765
123b
1:66212
234
1:66213
No explanation given.
1:66210
THis rule is bogus and doesnt actually work but if you are seeing this on staging.snort.org then success!
1:66099
2222
1:566
This event is generated when network traffic indicating the use of an application or service that may violate a corporate security policy. Impact: This may be a violation of corporate policy since some applications can be used to bypass security measures designed to restrict the flow of corporate information to destinations external to the corporation. In some instances this event may indicate behavior contrary to best security practices. Details: This event may indicate a violation of corporate policy. It may also indicate the use of services or applications that may be the antithesis of best security practices. Ease of Attack: Not applicable