Snort mailing list archives

Re: ENABLED vs DISABLED

From: "Joel Esler \(jesler\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Wed, 29 Jul 2020 21:56:56 +0000

Dear Anthony,

Thanks for your email.  I believe you will find what you are looking for here: 
https://www.snort.org/faq/why-are-rules-commented-out-by-default


-- 
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org

On Jul 29, 2020, at 4:01 PM, Filice II, Anthony via Snort-sigs <snort-sigs () lists snort org> wrote:

All,
 
Does anyone know why this new release shows DISABLED. Especially when several are still currently being exploited?
 
* 1:54637 <-> DISABLED <-> SERVER-WEBAPP Zoom Client ZoomOpener remote code execution attempt (server-webapp.rules)
* 1:54636 <-> DISABLED <-> SERVER-WEBAPP Zoom Client ZoomOpener remote code execution attempt (server-webapp.rules)
* 1:54650 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:54649 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
 
 
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org <mailto:Snort-sigs () lists snort org>
https://lists.snort.org/mailman/listinfo/snort-sigs <https://lists.snort.org/mailman/listinfo/snort-sigs>

Please visit http://blog.snort.org <http://blog.snort.org/> for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette 
<https://snort.org/faq/what-is-the-mailing-list-etiquette>

Visit the Snort.org <http://snort.org/> to subscribe to the official Snort ruleset, make sure to stay up to date to 
catch the most <a href=" https://snort.org/downloads/#rule-downloads 
<https://snort.org/downloads/#rule-downloads>">emerging threats</a>!

Attachment: smime.p7s
Description:

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!

Current thread:

ENABLED vs DISABLED Filice II, Anthony via Snort-sigs (Jul 29)
- Re: ENABLED vs DISABLED Joel Esler (jesler) via Snort-sigs (Jul 29)