[Snort-sigs] Rules Inquiry

Joel Esler (jesler) jesler at ...3865...
Thu Feb 5 10:07:12 EST 2015


Yes. Take a look at the criteria for what rules go into what policy (obviously updated for the year).

http://blog.snort.org/2013/10/snort-vrt-default-ruleset-rebalancing.html

The Open Source ruleset is based off of “balanced”.


--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos


On Feb 4, 2015, at 10:24 PM, Eugene Grama <eugene.grama at ...2420...> wrote:

Hello,

I'm trying to test Snort in my VM.

I notice in the Snort rule files (*.rules), some of the rules are commented ( # ) even when I update them with PulledPork.

As I understand, PulledPork will give you the latest rules against the latest threat.

Should I remove the comment sign to make the rules active?


--
Thank you and Best regards,

Eugene
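
An added illustration, not part of the original thread and not code from Snort or PulledPork: a short Python script that lists which commented-out rules in a .rules file are tagged for which policy, so their disabled state can be checked against the policy criteria linked in the reply. The sample rules and sids are constructed, and the script assumes rules carry `metadata:policy <name> <action>` tags.

```python
import re
from collections import defaultdict

# Constructed sample in .rules layout; a leading "#" marks a disabled rule.
SAMPLE_RULES = """\
# Constructed example rules, not taken from any real ruleset
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE in balanced"; metadata:policy balanced-ips drop, policy security-ips drop; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE security only"; metadata:policy security-ips drop; sid:1000002; rev:1;)
# alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"EXAMPLE untagged"; sid:1000003; rev:2;)
"""

RULE_RE = re.compile(
    r"^(?P<off>#\s*)?(?:alert|log|pass|drop|reject|sdrop)\s+\S+.*\(.*\)\s*$")
SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")
META_RE = re.compile(r"\bmetadata:\s*([^;]*);")
POLICY_RE = re.compile(r"\bpolicy\s+([\w-]+)\s+(\w+)")

def parse_rules(text):
    """Return one dict per rule line; plain comments and blanks are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        sid = SID_RE.search(line)
        if not m or not sid:
            continue  # a header comment, not a rule
        policies = {}
        for meta in META_RE.findall(line):
            policies.update(POLICY_RE.findall(meta))  # {policy name: action}
        rules.append({"sid": int(sid.group(1)),
                      "enabled": m.group("off") is None,
                      "policies": policies})
    return rules

def disabled_by_policy(rules):
    """Map policy name -> sids that are commented out but tagged for it."""
    out = defaultdict(list)
    for rule in rules:
        if not rule["enabled"]:
            for name in rule["policies"] or {"(no policy tag)": None}:
                out[name].append(rule["sid"])
    return dict(out)

if __name__ == "__main__":
    for policy, sids in sorted(disabled_by_policy(parse_rules(SAMPLE_RULES)).items()):
        print(f"{policy}: {len(sids)} disabled rule(s): {sids}")
```

A disabled rule reported under `balanced-ips` would be one that the "balanced" criteria include but the local file has commented out.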