[Snort-sigs] Rule-set merging
Keith T. Morgan
keith.morgan at ...950...
Wed Feb 5 08:27:30 EST 2003
I've been hacking through Snort rule-sets by hand, weeding out false positives. Every time there's a new rule-set released, I've been doing this entire process of locating and weeding out the false positives again. Has anyone out there scripted up a utility to merge rule-sets? i.e., add in new rules to existing rules files without changing rules that have been modified or commented out?
This could probably be done semi-manually with diff, but I haven't bothered to try it. How are folks dealing with this issue in general? Am I missing something obvious?
Keith T. Morgan - CISSP, CCSE/CCSA, MCP
Terradon Communications Group
Office: 304.755.1324 x142
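
One way to script the merge asked about above, as an added example that is not part of the original post. It assumes every rule carries a `sid` option and uses that as the merge key; `rule_sid`, `merge_rules` and the sample rules are constructed for illustration.

```python
import re

# Assumption: each rule carries a "sid:<n>;" option that stays stable across releases.
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
# Active or commented-out rule lines ("#alert ..." counts as a known, disabled rule).
RULE_RE = re.compile(r"^\s*#?\s*(alert|log|pass|activate|dynamic)\s")

def rule_sid(line):
    """Return the sid of a rule line (enabled or commented out), else None."""
    m = SID_RE.search(line) if RULE_RE.match(line) else None
    return int(m.group(1)) if m else None

def merge_rules(local_text, release_text):
    """Leave every local line as it is; append only rules whose sid is new."""
    local_lines = local_text.splitlines()
    known = {rule_sid(l) for l in local_lines} - {None}
    added = []
    for line in release_text.splitlines():
        sid = rule_sid(line)
        if sid is not None and sid not in known:
            known.add(sid)
            added.append(line)
    if added:
        local_lines += ["# --- added from new release ---"] + added
    return "\n".join(local_lines) + "\n", [rule_sid(l) for l in added]

# Constructed sample data (not real Snort rules): a hand-tuned local file ...
LOCAL = """\
# tuned locally
alert tcp any any -> $HOME_NET 21 (msg:"EXAMPLE ftp"; content:"SITE"; sid:1000001; rev:1;)
#alert icmp any any -> $HOME_NET any (msg:"EXAMPLE ping"; sid:1000002; rev:1;)
alert tcp any any -> 10.0.0.5 80 (msg:"EXAMPLE web"; sid:1000003; rev:1;)
"""
# ... and a newer release that re-ships those three rules plus one new one.
RELEASE = """\
alert tcp any any -> $HOME_NET 21 (msg:"EXAMPLE ftp"; content:"SITE"; sid:1000001; rev:2;)
alert icmp any any -> $HOME_NET any (msg:"EXAMPLE ping"; sid:1000002; rev:2;)
alert tcp any any -> $HOME_NET 80 (msg:"EXAMPLE web"; sid:1000003; rev:2;)
alert udp any any -> $HOME_NET 53 (msg:"EXAMPLE dns"; sid:1000004; rev:1;)
"""

if __name__ == "__main__":
    merged, new_sids = merge_rules(LOCAL, RELEASE)
    print(merged, end="")
    print("new sids:", new_sids)
```

Because locally known sids are never overwritten, upstream revisions to an existing rule (a higher `rev`) are not picked up and still need a separate review, for example with diff.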