For anyone working with Snort, it's invaluable to have an environment in which to develop and test rules. It lets you tune rules to be as effective as possible, and it can also be used to aid investigations during incident response, for example by replaying a captured PCAP against your current rule set. This post takes you through how to set up such a test lab on an Ubuntu 18.04 analysis machine. The end result is a simple script that analyses PCAPs with Snort using the Snort and Emerging Threats community rule packs. The script can be found on my GitHub:
https://github.com/mcb2Eexe/ids
Enjoy