[Snort-sigs] Rule-set merging

Keith T. Morgan keith.morgan at ...950...
Wed Feb 5 08:27:30 EST 2003


I've been hacking through snort rule-sets by hand, weeding out false positives. Every time there's a new rule-set released, I've been doing this entire process of locating and weeding out the false positives again. Has anyone out there scripted up a utility to merge rulesets? I.e., add in new rules to existing rules files without changing rules that have been modified or commented out?

This could probably be done semi-manually with diff, but I haven't bothered to try it.  How are folks dealing with this issue in general?  Am I missing something obvious?

Keith T. Morgan - CISSP, CCSE/CCSA, MCP
Terradon Communications Group
Office: 304.755.1324 x142
Mobile: 304.415.0238
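
The merge asked about above can be keyed on each rule's `sid`. The following is an added example, not part of the original post and not an existing Snort utility: it leaves every local line untouched (tuned or commented out), appends only rules whose sid is new, and lists sids whose upstream `rev` is higher for manual review. The function names and the sample rules (sids 1000001-1000003) are constructed for illustration.

```python
import re

# Matches an active or commented-out Snort rule line and captures its sid.
RULE_RE = re.compile(
    r'^\s*#?\s*(?:alert|log|pass|activate|dynamic)\s.*\bsid:\s*(\d+)\s*;')
REV_RE = re.compile(r'\brev:\s*(\d+)\s*;')

def index_rules(text):
    """Map sid -> (line, rev) for every rule line, commented out or not."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rev = REV_RE.search(line)
            rules[int(m.group(1))] = (line, int(rev.group(1)) if rev else 0)
    return rules

def merge_rules(local_text, release_text):
    """Keep every local line untouched; append only rules whose sid is new.

    Returns (merged_text, review), where review lists sids that exist
    locally but carry a higher rev upstream and should be re-checked by hand.
    """
    local = index_rules(local_text)
    release = index_rules(release_text)
    added = [line for sid, (line, _) in release.items() if sid not in local]
    review = sorted(sid for sid, (_, rev) in release.items()
                    if sid in local and rev > local[sid][1])
    merged = local_text.rstrip("\n").splitlines() + added
    return "\n".join(merged) + "\n", review

# Constructed sample data: a tuned rule, a disabled rule, and a new release.
LOCAL = '''\
# tuned: restricted to the web servers to stop false positives
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"constructed rule A"; content:"/a"; sid:1000001; rev:1;)
#alert icmp any any -> any any (msg:"constructed rule B"; sid:1000002; rev:1;)
'''
RELEASE = '''\
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed rule A"; content:"/a"; sid:1000001; rev:2;)
alert icmp any any -> any any (msg:"constructed rule B"; sid:1000002; rev:1;)
alert tcp any any -> $HOME_NET 21 (msg:"constructed rule C"; sid:1000003; rev:1;)
'''

if __name__ == "__main__":
    merged, review = merge_rules(LOCAL, RELEASE)
    print(merged, end="")
    print("re-check by hand:", review)
```

Rules without a `sid` are ignored by the index, so they are neither duplicated nor merged and need a separate pass.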



