summaryrefslogtreecommitdiffstats
path: root/docs/release/userguide/snort.rst
diff options
context:
space:
mode:
authorLaura Sofia Enriquez <lsofia.enriquez@gmail.com>2018-04-23 17:15:24 -0300
committerLaura Sofia Enriquez <lsofia.enriquez@gmail.com>2018-04-24 18:24:41 -0300
commitb1f11b54803266384cf0d9e14fcb7204dbcc79a7 (patch)
treec7742466d52f322caaa664f1cdc78914e3f43f3a /docs/release/userguide/snort.rst
parent84ce45c8bf6e03f0373d9c46e0a8b7e0b3faa605 (diff)
Snort implementation
This PR has: 1. Snort VNF. 2. Documentation. Change-Id: I5df23a1b8cdb65864aa8f432ce547d6cf5f27cde Signed-off-by: Laura Sofia Enriquez <lsofia.enriquez@gmail.com>
Diffstat (limited to 'docs/release/userguide/snort.rst')
-rw-r--r--docs/release/userguide/snort.rst33
1 files changed, 33 insertions, 0 deletions
diff --git a/docs/release/userguide/snort.rst b/docs/release/userguide/snort.rst
new file mode 100644
index 0000000..9bb6b3b
--- /dev/null
+++ b/docs/release/userguide/snort.rst
@@ -0,0 +1,33 @@
+================
+ Snort
+================
+
+----------
+ What is Snort?
+----------
+
+`Snort <https://www.snort.org/>`_. is an open source network intrusion prevention system, capable
+of performing real-time traffic analysis and packet logging on IP
+networks. It can perform protocol analysis, content searching/matching,
+and can be used to detect a variety of attacks and probes, such as buffer
+overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting
+attempts, and much more.
+
+----------
+ What can I do with Snort?
+----------
+
+Snort has three primary uses: It can be used as a straight packet sniffer
+like tcpdump, a packet logger (useful for network traffic debugging, etc),
+or as a full blown network intrusion prevention system.
+
+----------
+ How Snort works?
+----------
+
+Snort works with rules. Rules are a different methodology for performing
+detection, which bring the advantage of 0-day detection to the table.
+Unlike signatures, rules are based on detecting the actual vulnerability,
+not an exploit or a unique piece of data. Developing a rule requires an
+acute understanding of how the vulnerability actually works.
+