2 files changed, 41 insertions, 0 deletions

diff --git a/docs/release/release-notes/release-notes.rst b/docs/release/release-notes/release-notes.rst
index 51711f8..5656715 100644
--- a/docs/release/release-notes/release-notes.rst
+++ b/docs/release/release-notes/release-notes.rst
@@ -9,3 +9,11 @@ Container4NFV E release Notes
 2. Container architecture options
 3. Joid could support Kubernetes
 4. Using vagrant tool to setup an env with DPDK enabled.
+
+==================================
+Container4NFV F release Notes
+==================================
+1. Enable Multus in Kubernetes
+2. Enable SR-IOV in Kubernetes
+3. Support ARM platform
+
diff --git a/docs/release/userguide/snort.rst b/docs/release/userguide/snort.rst
new file mode 100644
index 0000000..9bb6b3b
--- /dev/null
+++ b/docs/release/userguide/snort.rst
@@ -0,0 +1,33 @@
+================
+ Snort
+================
+
+----------
+ What is Snort?
+----------
+
+`Snort <https://www.snort.org/>`_. is an open source network intrusion prevention system, capable
+of performing real-time traffic analysis and packet logging on IP
+networks. It can perform protocol analysis, content searching/matching,
+and can be used to detect a variety of attacks and probes, such as buffer
+overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting
+attempts, and much more.
+
+----------
+ What can I do with Snort?
+----------
+
+Snort has three primary uses: It can be used as a straight packet sniffer
+like tcpdump, a packet logger (useful for network traffic debugging, etc),
+or as a full blown network intrusion prevention system.
+
+----------
+ How Snort works?
+----------
+
+Snort works with rules. Rules are a different methodology for performing
+detection, which bring the advantage of 0-day detection to the table.
+Unlike signatures, rules are based on detecting the actual vulnerability,
+not an exploit or a unique piece of data. Developing a rule requires an
+acute understanding of how the vulnerability actually works.
+