[Snort-users] Rule management

Jason Lewis jlewis at ...2449...
Tue Nov 27 03:31:04 EST 2001


I was thinking about all the requests for automatic rule updates.  I think
this stems from the anti-virus auto update features.  The thinking is... the
more up to date the sigs are, the better off you are.

What we really need is a rule management tool.  IDScenter does some of this,
but it runs on Win2k.  (You can manage Linux sensors too.)

Is anyone updating a master rule list and pushing updates to sensors?  I
have tossed around different ideas for doing this and thought maybe I could
get some feedback here.  I was thinking a directory structure that had
folders for each sensor and rules were updated automatically via scp.
Thoughts?

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure".
The people at the other end of the link know less
about security than you do. And that's scary.
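
One way to implement the per-sensor folder layout and scp push proposed in the message above, as an added example that is not part of the original post. It assumes `sha256sum` is installed and that each folder name is also the sensor's SSH host name; the `MASTER` and `REMOTE_DIR` paths and the `.pushed` state directory are hypothetical.

```shell
#!/bin/sh
# Added example: push each sensor's rule folder with scp, only when it changed.
# Assumed layout: $MASTER/<sensor>/*.rules, where <sensor> is also the SSH host
# name. The last pushed digest is kept in $MASTER/.pushed/<sensor>.sha256.

MASTER=${MASTER:-/srv/snort-master}          # hypothetical master tree
REMOTE_DIR=${REMOTE_DIR:-/etc/snort/rules}   # hypothetical path on the sensor
SCP=${SCP:-scp}                              # can be replaced by a stub for testing

# One digest for a whole rule set: hash of the per-file "hash  name" lines,
# so edits, added files and removed files all change it.
ruleset_digest() {
    ( cd "$1" || exit 1
      for f in *.rules; do
          if [ -f "$f" ]; then sha256sum "$f"; fi
      done ) | sha256sum | cut -d' ' -f1
}

# Push one sensor. Prints pushed, unchanged or failed; non-zero on failure.
push_sensor() {
    sensor=$1
    src="$MASTER/$sensor"
    state="$MASTER/.pushed/$sensor.sha256"
    if [ ! -d "$src" ]; then echo failed; return 1; fi
    new=$(ruleset_digest "$src")
    old=$(cat "$state" 2>/dev/null || true)
    if [ "$new" = "$old" ]; then echo unchanged; return 0; fi
    # -B: batch mode, never prompt for a password (key-based auth from cron).
    if $SCP -q -B "$src"/*.rules "$sensor:$REMOTE_DIR/" >/dev/null 2>&1; then
        mkdir -p "$MASTER/.pushed"
        echo "$new" > "$state"     # record only after a successful copy
        echo pushed
    else
        echo failed; return 1      # state untouched, so the next run retries
    fi
}

# Usage: push-rules.sh sensor1 sensor2 ...
for s in "$@"; do
    printf '%s: ' "$s"
    push_sensor "$s" || true
done
```

Because the digest is recorded only after scp succeeds, a sensor that was unreachable during one run is retried on the next.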






