Snort mailing list archives

Re: Comprehensive explanation of rules


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Thu, 17 Dec 2015 13:35:17 +0000

Have you checked out the documentation for the rules on Snort.org? Just punch in the SID number into the search box at the top left.

Also check out:  https://snort.org/rules_explanation

--
Joel Esler
Manager, Talos Group




On Dec 16, 2015, at 4:53 PM, Scott Ellis <scorellis () kcura com> wrote:

I am trying to find a comprehensive explanation of rules, such as:
• who wrote it,
• what it is intended to block,
• what might be some of the root causes of hyperactive alerts,
• what is the category ID of a signature and how do I block an entire category (I know how to handle single signatures),
• is there an online lookup where I can find all this information and look up a signature by its ID,
and any other useful information that can be provided that will help me develop stronger alert management workflows for my organization.

Thank you!
Scott
------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

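As an added example tied to the questions above (this is not code from the thread or from the Snort project): the script below parses rule lines in Snort's rule-option syntax, indexes them by GID:SID so a signature can be looked up by its ID together with its msg, classtype and references, counts alerts per SID from Snort's alert_fast output to show which signatures are firing hardest and from where, and enables or disables a whole category by commenting every rule in it out with a leading `#`, which is how Snort itself reads a disabled rule. It assumes that a "category" is the name of the `.rules` file a rule lives in, as in the Talos ruleset layout; the rules and alert lines are constructed samples, and the SIDs, hosts and messages in them are made up.

```python
"""Snort rule index and alert triage helper (added example, constructed data)."""
import re
from collections import Counter

# Constructed sample rules, keyed by the (assumed) category file name.
SAMPLE_RULES = {
    "malware-cnc.rules": [
        'alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"MALWARE-CNC Example beacon"; '
        'flow:to_server,established; content:"/gate.php"; http_uri; '
        'reference:url,example.test/beacon; classtype:trojan-activity; sid:1000001; rev:2;)',
    ],
    "server-webapp.rules": [
        'alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Example traversal attempt"; '
        'flow:to_server,established; content:"../../"; http_uri; '
        'classtype:web-application-attack; sid:1000002; rev:1;)',
        '# alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP already disabled"; '
        'classtype:web-application-attack; sid:1000003; rev:1;)',
    ],
}

# Constructed alert_fast lines: time [**] [gid:sid:rev] msg [**] [Classification: ..] [Priority: n] {proto} src -> dst
SAMPLE_ALERTS = """\
12/17-13:35:17.000001  [**] [1:1000002:1] SERVER-WEBAPP Example traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.7:51234 -> 192.0.2.10:80
12/17-13:35:18.000002  [**] [1:1000002:1] SERVER-WEBAPP Example traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.7:51235 -> 192.0.2.10:80
12/17-13:35:19.000003  [**] [1:1000002:1] SERVER-WEBAPP Example traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.7:51236 -> 192.0.2.10:80
12/17-13:35:20.000004  [**] [1:1000001:2] MALWARE-CNC Example beacon [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.0.2.25:40000 -> 203.0.113.9:80
"""

ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop", "activate", "dynamic")
_HEADER_RE = re.compile(r'(\w+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$')
# One rule option: name, optionally ':' and a quoted or unquoted value, then ';'.
_OPTION_RE = re.compile(r'(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')
_FAST_RE = re.compile(r'\[\*\*\] \[(\d+):(\d+):(\d+)\] .*?\[\*\*\].*?\{(\w+)\} (\S+) -> (\S+)')


def parse_rule(line, category):
    """Parse one rule line; a leading '#' marks it disabled. Returns None for non-rules."""
    disabled = line.lstrip().startswith("#")
    text = line.lstrip("# ").strip()
    m = _HEADER_RE.match(text)
    if not m or not text.startswith(ACTIONS):
        return None
    opts = {}
    for name, value in _OPTION_RE.findall(m.group(8)):
        opts.setdefault(name, []).append(value.strip().strip('"'))
    if "sid" not in opts:
        return None
    return {
        "gid": int(opts.get("gid", ["1"])[0]),
        "sid": int(opts["sid"][0]),
        "rev": int(opts.get("rev", ["0"])[0]),
        "msg": opts.get("msg", [""])[0],
        "classtype": opts.get("classtype", [""])[0],
        "references": opts.get("reference", []),   # every reference: option, in order
        "category": category,
        "disabled": disabled,
        "raw": line,
    }


def build_index(rules_by_category):
    """Map (gid, sid) -> parsed rule across all category files."""
    index = {}
    for category, lines in rules_by_category.items():
        for line in lines:
            rule = parse_rule(line, category)
            if rule:
                index[(rule["gid"], rule["sid"])] = rule
    return index


def lookup(index, sid, gid=1):
    return index.get((gid, sid))


def set_category(rules_by_category, category, enabled):
    """Return the category's lines with every rule enabled or commented out."""
    out = []
    for line in rules_by_category[category]:
        stripped = line.lstrip("# ").strip()
        if not stripped.startswith(ACTIONS):   # plain comment or blank: keep as-is
            out.append(line)
            continue
        out.append(stripped if enabled else "# " + stripped)
    return out


def alert_summary(index, alert_text):
    """Count alert_fast lines per signature and report the dominant source per SID."""
    per_sid, per_source = Counter(), Counter()
    for line in alert_text.splitlines():
        m = _FAST_RE.search(line)
        if not m:
            continue
        gid, sid, _rev, _proto, src, _dst = m.groups()
        key = (int(gid), int(sid))
        per_sid[key] += 1
        per_source[(key, src.rsplit(":", 1)[0])] += 1
    rows = []
    for key, n in per_sid.most_common():
        rule = index.get(key)
        top_src = max((s for (k, s) in per_source if k == key), key=lambda s: per_source[(key, s)])
        rows.append({"gid": key[0], "sid": key[1], "count": n,
                     "category": rule["category"] if rule else None,
                     "msg": rule["msg"] if rule else None,
                     "top_source": top_src, "top_source_share": per_source[(key, top_src)] / n})
    return rows


if __name__ == "__main__":
    idx = build_index(SAMPLE_RULES)
    print(lookup(idx, 1000001))
    for row in alert_summary(idx, SAMPLE_ALERTS):
        print(row)
    print("\n".join(set_category(SAMPLE_RULES, "server-webapp.rules", enabled=False)))
```

A SID whose alerts come almost entirely from one source address (a high `top_source_share`) usually points at a single noisy host or scanner rather than a bad rule, which is a different remediation than disabling the signature; a SID firing broadly across many sources is the case where the rule's msg, classtype and references should be read before deciding whether to tune it or drop its category.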
