Understanding Snort Rules
Go to the rules folder where you downloaded the VRT certified rules during your Snort install (by default on Windows, this will be C:\Snort\rules). If you have not yet installed these rules, please do so. If you have any trouble downloading the current VRT rules release package, you can retrieve them from http://polaris.umuc.edu/~sgantz/files/snortrules-2982.tar.gz on my UMUC Polaris server. In the compressed (zipped) package, you are looking for the files with the “.rules” extension.

Pick one of the named rules files, open it, and choose a rule. If this is your first exposure to Snort rule syntax, please note that the rules are the sometimes cryptic-looking items starting with the word “alert”. Copy the rule you pick into your response and describe what the rule means in your own words.
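To help with reading a rule before describing it, the following added example (not part of the original assignment or of the Snort project) splits a single-line rule into its seven header fields and its list of options. The sample rule, its message text and its SID are constructed for illustration, and the field names in `HEADER_FIELDS` are labels chosen here; rules continued across lines with a trailing backslash are assumed to have been joined first.

```python
import re

# Constructed sample rule (not taken from the VRT package); SID is in the local range.
SAMPLE_RULE = (r'alert tcp $EXTERNAL_NET any -> $HOME_NET 21 '
               r'(msg:"EXAMPLE FTP root login attempt\; constructed"; '
               r'flow:to_server,established; content:"USER root"; nocase; '
               r'sid:1000001; rev:1;)')

HEADER_FIELDS = ("action", "protocol", "src", "src_port",
                 "direction", "dst", "dst_port")

def split_options(body):
    """Split the option body on ';', ignoring ';' that is quoted or escaped."""
    parts, current, in_quotes, escaped = [], [], False, False
    for ch in body:
        if ch == ";" and not in_quotes and not escaped:
            parts.append("".join(current).strip())
            current = []
            continue
        if ch == '"' and not escaped:
            in_quotes = not in_quotes
        escaped = (ch == "\\" and not escaped)
        current.append(ch)
    if in_quotes or "".join(current).strip():
        raise ValueError("option body is not terminated cleanly")
    return [p for p in parts if p]

def parse_rule(line):
    """Return (header dict, list of (keyword, value-or-None)) for one rule line."""
    match = re.match(r"^\s*(.+?)\s*\((.*)\)\s*$", line)
    if not match:
        raise ValueError("expected: header (options)")
    header_tokens = match.group(1).split()
    if len(header_tokens) != len(HEADER_FIELDS):
        raise ValueError("header needs 7 whitespace-separated fields")
    header = dict(zip(HEADER_FIELDS, header_tokens))
    options = []
    for opt in split_options(match.group(2)):
        keyword, sep, value = opt.partition(":")
        options.append((keyword.strip(), value.strip() if sep else None))
    return header, options

if __name__ == "__main__":
    header, options = parse_rule(SAMPLE_RULE)
    print(header)
    for keyword, value in options:
        print(f"{keyword:8} {value}")
```

Reading the output top to bottom gives the outline of a plain-language description: what action is taken, on which traffic (protocol, source, destination, ports), and which options narrow the match.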