SNORT rules for office network scenario

Hi,

I am looking for some test cases I can include in a virtual network to create rules that can make sense in an office scenario, like prohibiting social media, proxies, etc. Any ideas are appreciated, so that I will apply rules according to a particular test case. Any difficulty level, and the more original they are, the better!

Thanks in advance
Robert Muscat Asked:

Daryl Bamforth, Technical Expert, Commented:
Your best bet is to go through the rule-sets available on SNORT's web site. They have a whole range of rules that have been built up over time that are free to use. You can also opt to subscribe to get them 30 days quicker than normal, registered users (essential for 0 day vulnerabilities). The list of their rule-set explanations is here

https://www.snort.org/rules_explanation

Which includes a nice short description so you can search for strings of interest to you (such as 'social media').
0
Robert Muscat, Author, Commented:
I actually require scenarios which default SNORT rules don't capture. Custom scenarios where I can craft rules for these custom scenarios hopefully.
0
Daryl Bamforth, Technical Expert, Commented:
Realistically the only way to get a good set of custom rules is to look at exactly what you need to achieve ... and then writing it yourself, for your scenario. Anyone that has created rules not provided by snort is not likely to share them as they will be bespoke to their scenario. Creating rules is not an overtly difficult task ... if you know or can identify exactly what it is you want to achieve ... and there are a number of good guides online. I have listed a couple here.

The full section on writing snort rules is here, it has a number of examples throughout.
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node27.html

This takes you through building a rule.
http://archive.oreilly.com/pub/h/1393
0
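For the office scenarios named in the question (social media and proxies), a custom `local.rules` file could look like the following. This is an added example, not rules posted by anyone in the thread or shipped by the Snort project. It assumes Snort 2.x rule syntax, `$HOME_NET` and `$EXTERNAL_NET` defined in `snort.conf`, the stock `policy-violation` classtype, and a constructed placeholder domain `social.example`; the `OFFICE-POLICY` message prefix and the SIDs are made up for the example.

```snort
# local.rules -- constructed example rules for an office policy lab.
# SIDs from 1000000 upward are the range set aside for locally written rules.
# "social.example" is a placeholder; substitute the domains your policy names.

# Test case 1: a workstation resolves a prohibited domain.
# DNS encodes names as length-prefixed labels, so "social.example" appears on
# the wire as 0x06 "social" 0x07 "example" 0x00. Matching the encoded form
# avoids false hits on longer names such as "notsocial.example.org".
alert udp $HOME_NET any -> any 53 ( \
    msg:"OFFICE-POLICY DNS query for social.example"; \
    content:"|06|social|07|example|00|"; nocase; \
    classtype:policy-violation; sid:1000001; rev:1;)

# Test case 2: a workstation opens HTTPS to the prohibited site.
# The payload is encrypted, but the TLS ClientHello normally carries the
# server name (SNI) in clear text. The first two content matches pin the
# packet to a TLS handshake record (0x16 0x03) whose handshake type at
# offset 5 is ClientHello (0x01); the third looks for the host name.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 ( \
    msg:"OFFICE-POLICY TLS ClientHello SNI social.example"; \
    flow:to_server,established; \
    content:"|16 03|"; depth:2; \
    content:"|01|"; offset:5; depth:1; \
    content:"social.example"; nocase; \
    classtype:policy-violation; sid:1000002; rev:1;)

# Test case 3: a workstation uses an external HTTP proxy.
# A client talking to a forward proxy sends "CONNECT host:port" as the first
# bytes of the request. If the office has its own proxy inside $HOME_NET,
# a CONNECT leaving for $EXTERNAL_NET is a policy event worth an alert.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( \
    msg:"OFFICE-POLICY HTTP CONNECT to external proxy"; \
    flow:to_server,established; \
    content:"CONNECT "; depth:8; \
    classtype:policy-violation; sid:1000003; rev:1;)
```

Each rule maps to one test case you can reproduce in the virtual network (a DNS lookup, an HTTPS visit, a browser pointed at an outside proxy). Rule 2 will not fire for clients that hide the server name, for example with Encrypted Client Hello, which is why pairing it with the DNS rule is useful.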

Daryl Bamforth, Technical Expert, Commented:
Instructions on creating custom rules.
0

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.