Snort mailing list archives
Re: Security Ruleset - CVSS Level
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 11 Jan 2016 20:46:25 +0000
It will*. Sorry. Keyboard got me.

--
Joel Esler
Manager, Talos Group
Sent from my iPhone

On Jan 11, 2016, at 3:45 PM, Joel Esler (jesler) <jesler () cisco com> wrote:

Vaughn,

It appears we've isolated the issue. It would be fixed shortly. Thank you for bringing this to our attention.

--
Joel Esler
Manager, Talos Group
Sent from my iPhone

On Jan 9, 2016, at 8:40 PM, Joel Esler (jesler) <jesler () cisco com> wrote:

Vaughn,

Thanks for writing in. So, there could be a couple things going on here, and I may have to get with the Meraki team to diagnose the problem.

First off, if we take a look at the ruleset: https://www.snort.org/advisories/talos-rules-2016-01-07

You can see the "enabled"/"Disabled" state of the ruleset as shipped. Now, that means "Balanced". So if it's on in Balanced, it's on in security, as the more stringent rulesets also contain the lighter ruleset states, and sometimes make them "harsher".

That all being said, the Meraki device is a unique type of appliance. You select the policy you want to run, and the system takes care of it for you. So, there will be a couple things we'll have to diagnose here, and none of which you need to do. I'll coordinate with the Meraki team to figure out what needs to be done. Off the top of my head, it could be several things. I'll follow up once I touch base with them.

Sent from my iPad

On Jan 9, 2016, at 8:34 PM, Vaughn A. Hart <vaughn () aegisitnyc com> wrote:

Hi Folks,

I am confused about the security ruleset setting in Snort. I am using a third party vendor (Cisco Meraki) and it seems that they haven't released a Security/Snort ruleset update to their MX security appliances because there have been no matching snort signature releases that match the Security Ruleset CVSS criteria.

This seems confusing to me as there have been Microsoft, Adobe and Apple snort signatures since the 4th of December 2015, that are a CVSS of 6 and higher. Or am I mistaken?

If anyone is running the Security Ruleset in Snort (standalone), have you gotten an update? and can someone explain this to me, because what I see from US-Cert and the Talos releases seems to indicate that there should be an update.

Thanks!

--
-V
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
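Added example, not part of the thread and not Talos or Meraki code: a check of the policy nesting described above ("if it's on in Balanced, it's on in security") plus a diff of the Security policy between two rule releases, which is the question the original post asks. It assumes rules carry `metadata:policy <name> <action>` entries with the policy names `balanced-ips` and `security-ips`; the rules and SIDs below are constructed placeholders.

```python
import re

META_RE = re.compile(r'metadata\s*:\s*([^;]*);')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def rule_policies(rule):
    """Return (sid, {policy_name: action}) parsed from one rule's metadata option(s)."""
    sid = SID_RE.search(rule)
    pols = {}
    for meta in META_RE.findall(rule):
        for item in meta.split(','):
            parts = item.split()
            if len(parts) == 3 and parts[0] == 'policy':
                pols[parts[1]] = parts[2]
    return (int(sid.group(1)) if sid else None), pols

def policy_sids(rules, policy):
    """SIDs the given policy turns on, including rules shipped commented out ('# ')."""
    out = set()
    for rule in rules:
        sid, pols = rule_policies(rule.lstrip('# '))
        if sid is not None and policy in pols:
            out.add(sid)
    return out

def nesting_violations(rules):
    """SIDs that are on in balanced-ips but missing from security-ips."""
    return sorted(policy_sids(rules, 'balanced-ips') - policy_sids(rules, 'security-ips'))

def security_delta(old, new):
    """(added, removed) SIDs in the security-ips policy between two releases."""
    o, n = policy_sids(old, 'security-ips'), policy_sids(new, 'security-ips')
    return sorted(n - o), sorted(o - n)

def _rule(sid, meta):
    # Constructed sample rule; SID, msg and metadata are placeholders, not Talos content.
    return ('alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"SAMPLE %d"; '
            'metadata:%s; sid:%d; rev:1;)' % (sid, meta, sid))

OLD = [_rule(1000001, 'policy balanced-ips drop, policy security-ips drop'),
       _rule(1000002, 'policy security-ips drop, service http')]
NEW = OLD + ['# ' + _rule(1000003, 'policy security-ips alert'),  # disabled as shipped, on in Security
             _rule(1000004, 'policy balanced-ips drop'),           # breaks the nesting
             _rule(1000005, 'service http')]                       # in no policy

if __name__ == '__main__':
    print('security-ips added/removed:', security_delta(OLD, NEW))
    print('balanced-only SIDs:', nesting_violations(NEW))
```

An empty "added" list across releases that shipped new rules would point at the distribution side rather than the ruleset, which is what the follow-up in this thread reports.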
Current thread:
- Security Ruleset - CVSS Level Vaughn A. Hart (Jan 09)
- Re: Security Ruleset - CVSS Level Joel Esler (jesler) (Jan 09)
- Re: Security Ruleset - CVSS Level Joel Esler (jesler) (Jan 11)
- Re: Security Ruleset - CVSS Level Joel Esler (jesler) (Jan 11)
- Re: Security Ruleset - CVSS Level Joel Esler (jesler) (Jan 11)
- Re: Security Ruleset - CVSS Level Joel Esler (jesler) (Jan 09)