Thanks For Downloading!

Review the documentation below and follow any custom installation steps. If no install steps are listed, most Splunk Apps and Add-ons can be installed as follows:

Windows: Decompress the downloaded file using a tool like 7-Zip and place the resulting folder into %PROGRAMFILES%\Splunk\etc\apps. Then restart Splunk using the splunk restart command or the GUI.

Unix/Linux: Decompress the downloaded file using a tool like tar -xvf and place the resulting folder into $SPLUNK_HOME/etc/apps. Then restart Splunk using the splunk restart command or the GUI.

Description

Provides visibility into Snort/PulledPork .rules files and Snort VRT rule documentation for tuning and general reference. See http://eyeis.net/2012/08/ids-rule-reference-for-splunk-1-0/ for screenshots.

Versions and Release Notes

Version 1.1 (current version - updated Aug 23, 2012)
release notes:

1.1 - Performance improvements

Version 1.0 (updated Aug 12, 2012)

posted 12 Aug '12, 17:14

bshoop

new version 23 Aug '12, 19:18


One Review:
1 review, 0 ratings, average 0

Just installed this and came up with the following error:

WARN IniFile - /opt/splunk/etc/apps/ids_ref/default/props.conf, line 9: Cannot parse into key-value pair: aq>[^;]+)

It seems there's a line break at the end of that line that shouldn't be there. Simply appending

 aq>[^;]+)

to line 8 and deleting the same from line 9 fixed it :)

reviewed 17 Mar, 13:28

dazole

Copyright © 2005-2012 Splunk Inc. All rights reserved.