Snort mailing list archives

Re: Sourcefire VRT Certified Snort Rules Update 2011-12-07


From: Joel Esler <jesler () sourcefire com>
Date: Thu, 8 Dec 2011 09:56:48 -0500

Correct.

If you have the var in snort.conf, it shouldn't matter which rule file we
put it in.  That being said, I assume your "I wasn't" comment means you
aren't using file-identify.rules.

We moved most of the rules that "set" flowbits into this file, meaning
that if you are not using this rule file, many of the flowbits that other
rules are increasingly using are not being set.  So this file is extremely
important.

http://blog.snort.org/2011/05/resolving-flowbit-dependancies.html

We write our rules and turn them on or off with the thought process that
you are either using Sourcefire's Defense Center or pulledpork, as both
of these handle flowbit dependencies and default policy selection.

Joel

On Thu, Dec 8, 2011 at 9:23 AM, Michael Scheidell <
michael.scheidell () secnap com> wrote:

I wasn’t.. but problem is that the new var got put into web-client.rules
last night.

Your blog doesn’t mention that LEGACY rule sets would be affected.

Again:

In theory, there is no difference between theory and practice.
In practice, there is.


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
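
The flowbit dependency described in the message above, as an added example that is not part of the original thread and is not Sourcefire's or pulledpork's code: a check that reports flowbits tested with `isset` by enabled rules but set by no enabled rule, which is the state a sensor is in when the rule file holding the setters is not loaded. The two rules, the bit name `example.file.pdf`, and the function names are constructed for illustration.

```python
import re

# One flowbits option, e.g. "flowbits:set,file.pdf;" or "flowbits:noalert;"
FLOWBITS = re.compile(r"flowbits\s*:\s*([a-z]+)\s*(?:,\s*([^;,]+))?", re.I)
SID = re.compile(r"\bsid\s*:\s*(\d+)")
ACTION = re.compile(r"(alert|drop|log|pass|reject|sdrop)\s")
SETTERS = {"set", "setx", "toggle"}  # operations that can turn a bit on

# Constructed sample rules (not from the VRT rule set); SIDs are in the local range.
FILE_IDENTIFY = (
    'alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXAMPLE PDF magic"; '
    'flow:to_client,established; content:"%PDF-"; '
    'flowbits:set,example.file.pdf; flowbits:noalert; sid:1000001; rev:1;)\n'
)
WEB_CLIENT = (
    'alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXAMPLE PDF script"; '
    'flow:to_client,established; flowbits:isset,example.file.pdf; '
    'content:"/JavaScript"; sid:1000002; rev:1;)\n'
)

def parse_rules(text):
    """Yield (enabled, sid, [(op, bit), ...]) per rule line, commented-out rules included."""
    for line in text.splitlines():
        stripped = line.strip()
        body = stripped.lstrip("# ")
        if not ACTION.match(body):
            continue  # blank line, plain comment, or non-rule directive
        sid = SID.search(body)
        ops = [(op.lower(), bit.strip())
               for op, names in FLOWBITS.findall(body)
               for bit in re.split(r"[&|]", names) if bit.strip()]
        yield not stripped.startswith("#"), int(sid.group(1)) if sid else None, ops

def unresolved_flowbits(rule_files):
    """Map each bit tested with isset by an enabled rule, but set by no enabled rule, to the SIDs testing it."""
    set_bits, checks = set(), {}
    for text in rule_files.values():
        for enabled, sid, ops in parse_rules(text):
            if not enabled:
                continue
            for op, bit in ops:
                if op in SETTERS:
                    set_bits.add(bit)
                elif op == "isset":
                    checks.setdefault(bit, []).append(sid)
    return {bit: sids for bit, sids in checks.items() if bit not in set_bits}

if __name__ == "__main__":
    print(unresolved_flowbits({"web-client.rules": WEB_CLIENT}))
```

Rules that use `isnotset` are deliberately not reported, since a bit that is never set leaves that test true rather than making the rule unreachable.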

