{"id":26646,"date":"2025-11-18T06:43:45","date_gmt":"2025-11-18T06:43:45","guid":{"rendered":"http:\/\/localhost\/?p=26646"},"modified":"2025-11-18T06:43:45","modified_gmt":"2025-11-18T06:43:45","slug":"new-in-snort3-enhanced-rule-grouping-for-greater-flexibility-and-control","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=26646","title":{"rendered":"New in Snort3: Enhanced rule grouping for greater flexibility and control_TALOSBLOG:8100088E7CCD4454C10FA919A497A37C"},"content":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2025-11-18T12:05:14&#8243;,&#8221;description&#8221;:&#8221;![New in Snort3: Enhanced rule grouping for greater flexibility and control](https:\/\/blog.talosintelligence.com\/content\/images\/2025\/11\/on_the_radar.jpg)\\n\\nToday, Cisco Talos is introducing new capabilities for Snort3 users within Cisco Secure Firewall. These enhancements are designed to give you greater flexibility in how you manage, organize, and prioritize detection rules. They also make it easier to align SNORT\u00ae rules with your organization&#8217;s specific security needs.\\n\\n## The new \\&#8221;Severity\\&#8221; rule group\\n\\nIn Snort3, rule groups let you organize and manage detection rules according to specific criteria. Previously, only two top-level groups were available:\\n\\n  * Rule Category: groups rules by Snort2 categories such as FILE-OTHER, MALWARE-CNC, etc.\\n  * MITRE ATT\\u0026CK: groups rules by attacker behaviors and techniques\\n\\n\\n\\nThese groups allow you to set a security level from 0 (all rules disabled) to 4 (all rules enabled).\\n\\nThe new Severity rule group introduces a third way to organize rules &#8212; by vulnerability severity, using CVSS scores. 
Rules are grouped as low, medium, high, or critical, allowing your team to prioritize detection based on the impact and urgency of vulnerabilities, rather than just category or behavior.\\n\\nThis makes it easier to focus attention and resources where they matter most.\\n\\n## Flexible rule group creation based on time range\\n\\nWith the Severity group, you can define how far back in time you want your coverage to extend:\\n\\nLevel | Coverage | Description  \\n---|---|---  \\n0 | None | No rules enabled  \\n1 | Last 2 years | Focuses on recent, high-impact vulnerabilities  \\n2 | Last 5 years | Balanced coverage of recent and mid-term threats  \\n3 | Last 10 years | Broad coverage for long-lived environments  \\n4 | All | Includes all vulnerabilities detected to date  \\n  \\nThis approach gives you precise control over rule selection and volume. It helps optimize performance while ensuring your detection policies match your organization&#8217;s patching cycles, compliance requirements, and risk profile.\\n\\nWe&#8217;re also looking to develop more top-level groupings in the coming quarters. More details will be shared in due course.\\n\\n## What this means for your environment\\n\\nConfiguring Snort3 previously required enabling rules individually or applying a predefined ruleset and then tuning manually. 
We know this wasn&#8217;t the most time-efficient process, so the Snort analyst team worked to simplify it with the new features announced today.\\n\\nYou can now:\\n\\n  * Enable rule groups aligned with your own internal policies\\n  * Scale configurations across multiple environments without managing individual rules\\n  * Adjust detection depth easily by time range or severity level\\n\\n\\n\\nThese capabilities make it simpler to maintain consistent, targeted detection coverage &#8212; whether you&#8217;re running large, distributed networks or smaller environments with tailored security priorities.\\n\\n## Conclusion\\n\\nThe new Severity rule group and expanded rule group model give Snort3 users more flexibility and control.\\n\\nBy organizing rules based on vulnerability severity and timeframe, you can focus detection where it has the greatest impact, improving both efficiency and accuracy in threat management.&#8221;,&#8221;published&#8221;:&#8221;2025-11-18T11:00:25&#8243;,&#8221;modified&#8221;:&#8221;2025-11-18T11:00:25&#8243;,&#8221;type&#8221;:&#8221;talosblog&#8221;,&#8221;title&#8221;:&#8221;New in Snort3: Enhanced rule grouping for greater flexibility and 
control&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;TALOSBLOG:8100088E7CCD4454C10FA919A497A37C&#8221;,&#8221;bulletinFamily&#8221;:&#8221;blog&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[],&#8221;sourceData&#8221;:&#8221;&#8221;,&#8221;sourceHref&#8221;:&#8221;&#8221;,&#8221;cvss&#8221;:{&#8220;score&#8221;:0,&#8221;severity&#8221;:&#8221;NONE&#8221;,&#8221;vector&#8221;:&#8221;NONE&#8221;,&#8221;version&#8221;:&#8221;NONE&#8221;},&#8221;cvss2&#8243;:{},&#8221;cvss3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;,&#8221;cvssV3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;}},&#8221;href&#8221;:&#8221;https:\/\/blog.talosintelligence.com\/new-in-snort3-enhanced-rule-grouping-for-greater-flexibility-and-control\/&#8221;,&#8221;category_name&#8221;:&#8221;News&#8221;,&#8221;post_link&#8221;:&#8221;&#8221;,&#8221;product&#8221;:&#8221;&#8221;,&#8221;version&#8221;:&#8221;&#8221;,&#8221;vendor&#8221;:&#8221;&#8221;,&#8221;ai_description&#8221;:&#8221;&#8221;,&#8221;ai_severity&#8221;
:&#8221;&#8221;,&#8221;ai_vendor&#8221;:&#8221;&#8221;,&#8221;ai_product&#8221;:&#8221;&#8221;,&#8221;ai_version&#8221;:&#8221;&#8221;,&#8221;ai_score&#8221;:0}<\/p>\n","protected":false},"excerpt":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2025-11-18T12:05:14&#8243;,&#8221;description&#8221;:&#8221;![New in Snort3: Enhanced rule grouping for greater flexibility and control](https:\/\/blog.talosintelligence.com\/content\/images\/2025\/11\/on_the_radar.jpg)\\n\\nToday, Cisco Talos is introducing new capabilities for Snort3 users within Cisco Secure Firewall. These&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,69,11,5],"class_list":["post-26646","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-talosblog","tag-tapic","tag-vulnerability"]}