Snort mailing list archives
Re: Sourcefire VRT Certified Snort Rules Update 2011-12-07
From: Joel Esler <jesler () sourcefire com>
Date: Thu, 8 Dec 2011 09:56:48 -0500
Correct. If you have the var in snort.conf, it shouldn't matter which rule file we put it in.

That being said, I assume your "I wasn't" comment means you aren't using file-identify.rules. We moved most of the rules that "Set" flowbits into this file. Meaning that if you are not using this rule file, that means that many of your flowbits are not being set that, increasingly, other rules are using. So this file is extremely important.

http://blog.snort.org/2011/05/resolving-flowbit-dependancies.html

We write our rules and turn them on or off with the thought process that you are either using Sourcefire's Defense Center, or pulledpork. As both of these handle flowbit dependencies and default policy selection.

Joel

On Thu, Dec 8, 2011 at 9:23 AM, Michael Scheidell <michael.scheidell () secnap com> wrote:

> I wasn’t.. but problem is that the new var got put into web-client.rules last night.
>
> Your blog doesn’t mention that LEGACY rule sets would be affected.
>
> Again:
>
> In theory, there is no difference between theory and practice. In practice, there is.
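The dependency described in the reply above (rules that check a flowbit whose setter lives in a rule file that is not loaded) can be checked mechanically. The following is an added example, not code from the thread, Sourcefire or pulledpork; the function names are hypothetical, and the rule text, SIDs and flowbit name are constructed.

```python
import re

# Matches flowbits:<op>[,<names>]; names may be joined with & or | (Snort 2.9 syntax).
FLOWBITS = re.compile(r"flowbits\s*:\s*([a-z]+)\s*(?:,\s*([^;,]+))?", re.I)
SID = re.compile(r"\bsid\s*:\s*(\d+)")
ACTION = re.compile(r"(alert|log|pass|drop|sdrop|reject)\s")
SETTERS = {"set", "setx", "toggle"}

def parse_rules(text):
    """Yield (enabled, sid, bits_set, bits_required) for each rule line."""
    for line in text.splitlines():
        line = line.strip()
        body = line.lstrip("# ")          # commented-out rules are still parsed
        if not ACTION.match(body):
            continue                      # blank line or plain comment
        sid = SID.search(body)
        bits_set, bits_required = set(), set()
        for op, names in FLOWBITS.findall(body):
            bits = {b.strip() for b in re.split(r"[&|]", names) if b.strip()}
            if op.lower() in SETTERS:
                bits_set |= bits
            elif op.lower() == "isset":   # isnotset needs no setter to fire
                bits_required |= bits
        yield (not line.startswith("#"), int(sid.group(1)) if sid else None,
               bits_set, bits_required)

def unresolved_flowbits(rule_files, loaded):
    """Flowbits an active rule requires but no active rule sets, mapped to
    {'needed_by': [sids], 'inactive_setters': [(file, sid)]}."""
    active_set, needed, inactive = set(), {}, {}
    for name, text in rule_files.items():
        for enabled, sid, bits_set, bits_required in parse_rules(text):
            if enabled and name in loaded:
                active_set |= bits_set
                for bit in bits_required:
                    needed.setdefault(bit, []).append(sid)
            else:                         # disabled rule or file not included
                for bit in bits_set:
                    inactive.setdefault(bit, []).append((name, sid))
    return {bit: {"needed_by": sids, "inactive_setters": inactive.get(bit, [])}
            for bit, sids in needed.items() if bit not in active_set}

# Constructed sample rules (not real VRT rules; SIDs and flowbit name are made up).
RULE_FILES = {
    "file-identify.rules":
        'alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"demo PDF seen"; '
        'content:"%PDF-"; flowbits:set,demo.pdf; flowbits:noalert; sid:1000001;)\n',
    "web-client.rules":
        'alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"demo PDF check"; '
        'flowbits:isset,demo.pdf; content:"/JavaScript"; sid:1000002;)\n',
}

if __name__ == "__main__":
    print(unresolved_flowbits(RULE_FILES, loaded={"web-client.rules"}))
```

A non-empty result names rules that can never fire in the loaded configuration, together with the disabled or unloaded rules that would set the missing flowbit.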