[Snort-sigs] Snort vs Proofpoint Emerging Threats

wkitty42 at ...3507... wkitty42 at ...3507...
Wed Oct 5 19:07:59 EDT 2016


On 10/05/2016 06:10 PM, Joel Esler (jesler) wrote:
> I am sure there are plenty of people who would object to both sides of that argument.

hahaha... i hear ya... i contemplated for over an hour on how to respond to that 
post O:)

> Some of the rules overlap, most don’t.

true...

> You have to adjust the rulesets you are using by what your network is susceptible to.

absolutely... you always have to tune the rules to one's network... there is no 
one-size-fits-all capability... personally speaking, we run both sets over here 
on a highly tuned setup... we don't break out the LART very much any more... 
these days, one of the noisiest are the MIRAI detection rules but they were 
noisy before we knew what it was ;)


> Joel
>
>
>> On Oct 5, 2016, at 5:50 PM, wkitty42 at ...3507... wrote:
>>
>> On 10/05/2016 10:36 AM, Shawn Maggard wrote:
>>> We are building our pfSense box, and are trying to decide on which set of Snort
>>> rules to purchase: Snort's Sourcefire VRT, Emerging Threats (from proofpoint),
>>> or both.
>>
>> ET's rules are front line stuff for catching new critters...
>>
>> Talos' rules are more for maintenance and protection...
>>
>> FWIW: Sourcefire VRT is now known as Talos...
>>
>>
>> --
>>  NOTE: No off-list assistance is given without prior approval.
>>        *Please keep mailing list traffic on the list* unless
>>        private contact is specifically requested and granted.
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Snort-sigs mailing list
>> Snort-sigs at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>> http://www.snort.org
>>
>>
>> Please visit http://blog.snort.org for the latest news about Snort!
>


-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.



