Snort rules are quite complicated. Yara rules are quite simple. Snort rules can be enabled for detection/prevention/packet capture as well. Yara rules are mostly used for categorization of malware, utilizing which you can write your IDS rules.
Yara accepts strings, regexes and hex values, and I think it is similar with Snort. So the main difference is that Yara helps in classifying malware while Snort helps in building the actual rule to enable IDS alerts.

On Wednesday, April 23, 2014 at 6:40:47 PM UTC+5:30, fz brick wrote:
> Hi,
>
> I am new to Yara and I am trying to understand what is the difference
> between the traditional Snort rules vs the Yara rules. Can Yara do
> everything Snort rules do? (Yara does appear easier to read).
>
> Any thoughts would be greatly appreciated.
>
> Thanks.
