[Snort-sigs] Snort vs Proofpoint Emerging Threats

Shawn Maggard smaggard at ...4184...
Thu Oct 6 13:43:48 EDT 2016


Thank you all for your help. We will probably go with both to make sure we
are covered.

On Wed, Oct 5, 2016 at 6:07 PM, <wkitty42 at ...3507...> wrote:

> On 10/05/2016 06:10 PM, Joel Esler (jesler) wrote:
> > I am sure there are plenty of people who would object to both sides of that argument.
>
> hahaha... i hear ya... i contemplated for over an hour on how to respond to that
> post O:)
>
> > Some of the rules overlap, most don’t.
>
> true...
>
> > You have to adjust the rulesets you are using by what your network is susceptible to.
>
> absolutely... you always have to tune the rules to one's network... there is no
> one-size-fits-all capability... personally speaking, we run both sets over here
> on a highly tuned setup... we don't break out the LART very much any more...
> these days, one of the noisiest are the MIRAI detection rules but they were
> noisy before we knew what it was ;)
>
>
> > Joel
> >
> >
> >> On Oct 5, 2016, at 5:50 PM, wkitty42 at ...3507... wrote:
> >>
> >> On 10/05/2016 10:36 AM, Shawn Maggard wrote:
> >>> We are building our pfSense box, and are trying to decide on which set of Snort
> >>> rules to purchase: Snort's Sourcefire VRT, Emerging Threats (from proofpoint),
> >>> or both.
> >>
> >> ET's rules are front line stuff for catching new critters...
> >>
> >> Talos' rules are more for maintenance and protection...
> >>
> >> FWIW: Sourcefire VRT is now known as Talos...
> >>
> >>
> >> --
> >>  NOTE: No off-list assistance is given without prior approval.
> >>        *Please keep mailing list traffic on the list* unless
> >>        private contact is specifically requested and granted.
> >>
> >> ------------------------------------------------------------------------------
> >> Check out the vibrant tech community on one of the world's most
> >> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> >> _______________________________________________
> >> Snort-sigs mailing list
> >> Snort-sigs at lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> >> http://www.snort.org
> >>
> >>
> >> Please visit http://blog.snort.org for the latest news about Snort!
> >