IDS mailing list archives

Snort Tuning


From: wilson.amajohn () gmail com
Date: 8 Sep 2006 03:55:58 -0000

This is somewhat of a simple question, more out of curiosity than anything. In tuning some Snort sensors I got to
thinking. I was wondering how others handle rule modifications based on their organizational structure. Obviously the
default rules that come from snort.org need some type of tweaking based on what environment they are deployed in. I am
curious how those rules are handled. Do you disable the sid and then copy that rule to the local file? Or do you
modify it and come up with your own scripting to handle the rule?
Hopefully this is somewhat clear. Thanks for any response.

John 
