Quote:
Originally Posted by baronobeefdip
If not then do you have any suggestions
Here's what Joel Esler says:
Quote:
(..) if I could, I'd pull the book from every shelf, (..) It covered Snort version 2.6 and was written during Snort 2.5, if that tells you the age of the book. There were several chapters (..) that are just plain wrong.
(http://seclists.org/snort/2012/q1/175)
Quote:
It is our opinion that the Snort Reference Manual, and things that I have planned for the future will make a more effective documentation method than any static book would be.
(http://seclists.org/snort/2012/q1/180)
...so according to (one of) the Sourcefire people you best start with the Snort Manual (http://manual.snort.org/). From the looks of it "Writing Snort Rules" now is part of it as chapter 3 too. Rules are easy to start with but when you have questions don't forget to tap into the power of mailing list (archives) like http://www.snort.org/community/mailing-lists/ and http://lists.emergingthreats.net/mailman/listinfo/ and various web logs. Yes, not having a dead tree around may suck major but until you're at the proficiency level where shelling out cash for a course becomes reality it is the cheapest, and apparently most up to date, option.