Once you’ve downloaded and installed Snort, you must download and maintain a ruleset in order for Snort to have the latest detection capabilities.
Sourcefire VRT Certified Rules
Sourcefire Vulnerability Research Team (VRT) Rules are the official rules of snort.org. Each rule is developed and tested using the same rigorous standards the VRT uses for Sourcefire customers. These rules are distributed under the VRT Certified Rules License Agreement. This license agreement allows you to study and modify VRT rules but restricts commercial redistribution. There are two ways Snort users can obtain these rules:
- Subscribers: Real-time access to VRT Certified Rules Updates requires a paid subscription.
- Registered Users: Registered users of Snort.org can download and use VRT rules free of charge 30 days after their initial release date.
Keeping your Snort Rules Updated
Users may opt to manually download and update rule files; however, most Snort users automate the process using PulledPork, an open source Perl script. If you plan on using PulledPork to manage VRT Rules updates, you’ll need to log in to snort.org and generate an Oinkcode to properly configure PulledPork.