
Porkroll - A Snort Shared Object Rule Generator

Very short introduction to Porkroll, a new Snort shared object rule generator script.
Published on: Mar 4, 2016
Published in: Technology      
Source: www.slideshare.net


Transcripts - Porkroll - A Snort Shared Object Rule Generator

  • 1. December 2015
      Porkroll – A Snort SO Compiler
      Shawn Webb, G2, Inc
  • 2. Who am I?
      – Newb
      – Former Cisco Talos employee
      – Current employee of G2, Inc
      – Security engineer
      – Cofounder of HardenedBSD
      – FreeBSD and HardenedBSD fanboy
      – Lover of ZFS and DTrace
      – Open source enthusiast
  • 3. What and why?
      – Customer can't use plaintext rules, requires Snort Shared Object (aka SO) rules
      – Cisco Talos already has a nifty tool
          – Web form only
          – Screen scrape?
          – Only produces C code, not deployable SO
      – Takes a plaintext Snort rule JSON object (lolwut?)
          – Converts it to a fully-deployable SO
          – Automation!
      – https://gist.github.com/j105rob/1341bfc44c32c00c3a0a
  • 4. What and Why?
  • 5. Demo
  • 6. Questions
      Porkroll Team:
      – Rob Weiss, SME, rob.weiss@g2-inc.com
      – Stephen Pietrasko, Security Engineer, stephen.pietrasko@g2-inc.com
      – Shawn Webb, Security Engineer, shawn.webb@g2-inc.com
      – https://github.com/lattera/porkroll
