Download Snort Rules
Sourcefire Vulnerability Research Team™ (VRT) Rules are the official rules of Snort. Each rule is developed and tested using the same rigorous standards the VRT uses for Sourcefire customers.
In order to manage rules we officially recommend and depend on the user using PulledPork.
These rules are distributed under the VRT Certified Rules License Agreement. This license agreement allows you to study and modify VRT rules but restricts commercial redistribution.
Sourcefire VRT Certified Rules - The Official Snort Ruleset
- » Subscriber Release
- » Registered User Release
- » Community Rules Release
- » Download from the command line
Subscriber Release
The Subscription Release provides registered users of Snort.org with immediate access to the most up to date Sourcefire VRT Certified Rules available. Real-time access requires a paid, annual subscription. For more information on a subscription click here. or to purchase a VRT Rules subscription online visit the VRT Store
Documentation
VRT advisory | Ruleset change log
Snort v2.9
Registered User Release
The Registered User Release makes Sourcefire VRT Certified Rules updates available to registered users of Snort.org free of charge 30-days after the initial release to subscribers.
Documentation
Snort v2.9
Community Rules
The Community Ruleset is a GPLv2 VRT certified ruleset that is distributed free of charge without any VRT License restrictions. This ruleset is updated daily and is a subset of the subscriber ruleset. If you are a VRT Subscriber, the community ruleset is already built into your download. If you are a registered user (under the 30-day delay) you may also include this ruleset in your Snort installation to stay current. The authors of the rules in the community ruleset are listed in the AUTHORS file inside the tarball.
Download
Note: Snort rule packages for Subscribers and Registered Users track the latest patch release for any major version. This means that rule packages may make use of features that only exist in the latest version of Snort. A simple example is: If 2.9.0 is the current version of Snort then the snortrules-snapshot-29* packages might use features not available in 2.8.* and earlier.
Rule Search
Site Search
VRT Links
- Buy a Subscription
- VRT Labs Website
- Advisories
- VRT PGP Public Key
- License Agreement
- Advisories Feed
- MS Tuesday Coverage
- Snort.conf configurations
- VRT Rule Category Explanations
- VRT Blog
- VRT Twitter Feed
