I was meaning to send this for a while, but didn't have time. Attached
is a patch (I hope Ivan sees it) to fix the snort2modsec script so
that it only tries to generate filters for the Snort rules which are
related to HTTP attacks (otherwise, there are a lot of definitions
which are just not correct). It will also add the SID (Snort ID) to
the comment so it's easier to track what rule generated which filter.
Attached is also a sample output from the latest Snort ruleset.
Get latest updates about Open Source Projects, Conferences and News.