Snort mailing list archives
Snort rule policy
From: "Jeff Feng" <jianhua () us ibm com>
Date: Wed, 19 Oct 2016 12:51:34 -0500
Hi, Do anyone have experience on using OWSAP ZAP tool test against target with Snort installed ? I'm using ZAP tool ( https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) to test the target which I have snort installed. The goal is to find same or similar alerts in Snort with the alerts reported by ZAP. I'm using snort rules generated by pulledpork with "ips_policy=security" setting in pulledpork.conf I'm not able to catch all attacks ZAP sending out. I'm wondering if the snort rules I'm using are good enough with level of 'ips_policy=security' Any feedback/recommendations are appreciated. -Jeff
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort rule policy Jeff Feng (Oct 19)