Snort mailing list archives
Re: Question regarding the use of the terms "enabled" and "disabled" as it applies to SourceFire VRT Rules
From: JJ Cummings <cummingsj () gmail com>
Date: Mon, 13 Apr 2009 12:19:40 -0600
"enabled" means that the rule is enabled (will be used to examine packets but not "drop" them.. will only produce an alert/event) in the current policy (or in the new ruleset).. "disabled" means the opposite.. it's not enabled and will not be used to examine packets and therefore will not cause any alerts/events.. JJC On Mon, Apr 13, 2009 at 12:06 PM, Stephen Mullins < steve.mullins.work () gmail com> wrote:
Hello, As seen in this changelog (http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2006-08-22.html ), what do the words "enabled" or "disabled" mean? 7567 <-> Disabled <-> SPYWARE-PUT Trackware funwebproducts mywebsearchtoolbar-funtools runtime detection (spyware-put.rules) Rule 7567 is still in the most recent rule packs so it obviously doesn't mean that the rule itself is being removed or "disabled" in the sense that it is no longer in effect. If anyone could clarify I would appreciate it. Thanks, Steve Mullins ------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Question regarding the use of the terms "enabled" and "disabled" as it applies to SourceFire VRT Rules Stephen Mullins (Apr 13)
- Re: Question regarding the use of the terms "enabled" and "disabled" as it applies to SourceFire VRT Rules Joel Esler (Apr 13)
- Re: Question regarding the use of the terms "enabled" and "disabled" as it applies to SourceFire VRT Rules JJ Cummings (Apr 13)