[Snort-users] which ruleset to use?
roeland at ...1415...
Tue Apr 3 08:11:18 EDT 2001
I thought this subject had been discussed a couple of times.
It's about the rules: which rules and rulesets to use.
Why are there 2 people making and updating different rulesets,
and why aren't they just making 1 complete ruleset?
I am talking about the vision.rules and the snort *.rules.
Which one is better to use, and which set is updated more regularly?
Does anyone have an opinion about that subject?
I see all the vision.rules rules do have a whitehats-IDS reference
number, but not a cve or bugtraq number (the snort rules have), why is
I think I have to make the choice of which ruleset to use on my own. But
plz, can you give me some disadvantages and advantages so I can make a
list and have a look which set to use.
I still have to make a choice, but I can't choose ;-(
I have some Dis- and Advantages...
D: all in 1 file (not categorized. Could be an advantage...)
A: every rule has a whitehats IDS reference number
A: updated every day
A: it's split up, so you can easily disable or enable rulesets
A: Also cve and bugtraq number
D: Not every rule has a reference number
Thnx for helping me,