In order to convert Snort filters you need to utilize the Digital Vaccine Converter (DV Converter) tool. DV Converter is part of the Digital Vaccine Toolkit (DV Toolkit) and it converts Snort filters to Digital Vaccine syntax. The filters can then be imported to the Digital Vaccine Toolkit and formatted for use in DVT filter packages. The converted filters are treated as any other DVT filter package and can be managed by the Local Security Manager (LSM) on an TippingPoint device or by the Security Management System (SMS).
In DV Converter, you open a Snort rules (.rules) file in DV Converter and save the file to Digital Vaccine XML format. All rules in the file that have successfully validated to Digital Vaccine syntax will be saved in the conversion file. Invalid rules will not be exported to the file and are reported in the Export Error Log that displays.
Procedure:
- In DV Converter, open the .rules file that you intend to convert by selecting File > Open > Snort Rules from the menu and browsing to the file.
- Review the "Status Indicators" for the rules in the file that are displayed to determine if any rules are invalid and which ones you want to modify.
- If any rules are invalid, edit the rule attribute values until they validate successfully. You can also delete any rules that you do not want in the conversion file.
- When all rules that you want to convert have been validated, save the conversion to a file by following these steps:
- In the menu, choose File > Save > Digital Vaccine XML, or select the Save icon on the toolbar.
- Navigate to the location where you want to save the file and name the file with a meaningful name that properly identifies the rule set.
- Click Save. DV Converter saves the file in XML format (by default the .xml file extension is selected).
- After saving the conversion file, you can import it into DV Toolkit to include in DVT filter packages.
