Snort mailing list archives
Re: rules
From: John Sage <jsage () finchhaven com>
Date: Fri, 30 Nov 2001 07:19:34 -0800
Arvind:I think the consensus is that the rulesets that come with the current distro are better maintained, and thus more current.
I would stick with those, if I were you... Max Vision and whitehats.com will - ah - not be with us for a while :-( - John Arvind Clemente wrote:
Hi John Thnx for you time. What i meant was the rulset you get on Maxvision and default snortruleset, which of this is beetter......meaning updation of rules. support etc...... I am using Snort 1.8.2 on linux 2.2.20 as an IDS for my enterprise. rgds Arvind John Sage wrote:Arvind: Probably an impossible question to really answer. What do you mean, "better"? Depending on what version you're using (latest is 1.8.3 on *n(i|u)x, I believe..) I would think the rules that come with the latest distro are more current, as I don't know who's maintaining the Vision rules these days... What are you trying to accomplish? In what context are you running snort? What platform? etc etc etc... - John Arvind Clemente wrote:Hello Everybody, I am a newbie in snort and want to ask which rulessets are better Maxvision or Default snort rulesets. Thanks in Advance Rgds Arvind Clemente
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users