I've had a few questions about when SnortCenter 2.x will work with the new 2.4 rule sets. I wanted to let everyone know that I am working on it but have a few other projects I need to finish before I can get back to it. I would be able to get to it by the end of October.
I have released a new version of SnortCenter 2.x. This release provides the functionality to allow you to bring in rules from SourceFire VRT, SourceFire Community, and also Bleeding Snort. To accomplish this we have created a script that goes out and downloads all the archives from their various sources and then combines them into one source and makes them available to SnortCenter via the same webserver that hosts the console. The user then simply has to point the SnortCenter config at that location and proceed like normal.
There are some changes that need to be made for SnortCenter 2.x to work with the new Snort site. I am looking into them and will try to get an update posted as soon as possible.
I've just pushed out packages for both the console and the Linux agent. You can get them from the files section. They should now support the ans1 variable that was missing.
Hello all, Sorry that I haven't had much time in the last few weeks to do any work on SC2. I'm starting to look at what I need to do again and hope to make some headway soon.
I made some changes this weekend. All of them have been added to the CVS. I have also removed the tar file I get some more changes made.
Right now the TODO list has the following issues.
1. Update Rules is not working for byte_jump, byte_test, and isdataat.
2. The preprocessors still need work.
Currently there are problems with rules that contain byte_jump and byte_test. They are not being placed back together. I am looking into it.