Snort mailing list archives

Re: Rules Inquiry


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Thu, 5 Feb 2015 15:07:12 +0000

Yes.  Take a look at the criteria for what rules go into what policy (obviously updated for year)

http://blog.snort.org/2013/10/snort-vrt-default-ruleset-rebalancing.html

The Open Source ruleset is based off of “balanced”.


--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos


On Feb 4, 2015, at 10:24 PM, Eugene Grama <eugene.grama () gmail com> wrote:

Hello,

I'm trying to test snort in my VM.

I notice in the snort rule files (*.rules), some of the rules are commented ( # ) even when I update them with pulledpork.

As I understand, pulledpork will give you the latest rules against the latest threat.

Should I remove the comment sign to make the rules active?


--
Thank you and Best regards,

Eugene
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
