Emacs major mode for editing Snort rules NOTE: Use upstream version, not this one
Emacs Lisp
Switch branches/tags
Nothing to show
Pull request Compare This branch is 24 commits behind BobuSumisu:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
test
.gitignore
README.org
snort-mode.el

README.org

Snort Major Mode

Disclaimer

This is my first project in elisp, so any tips/issues are highly welcome!

What is Snort?

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire.

Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide.

With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS.

Features

Misc

Basic support for syntax highlighting, commenting and indentation.

Testing

Validate the syntax of the current rule file with snort-validate To test rules against a PCAP file snort-test-pcap

Functions

Go to the next Snort rule with snort-next-rule Go to the previous rule snort-previous-rule

Todo

  • Remove word lists when regexp are created? (free memory)
  • Does not support user created rule actions
  • Variable modifiers
  • Syntax table
  • Function snort-kill-rule