[Snort-users] Rule management

Gustav gustav at ...4160...
Tue Nov 27 06:27:10 EST 2001

On Tue, 27 Nov 2001, Jason Lewis wrote:
> I was thinking about all the requests for automatic rule updates.  I think
> this stems from the anti-virus auto update features.  The thinking is....the
> more up to date the sigs are, the better off you are.


I've been using snort for just about a year now, and I find the tool
highly valuable. I've set up my own automatic update routines, which
worked satisfactory, untill I knew what I was doing.

Now, I like writing my own rules. Getting them just right for my site.
It's possible that this infatuation with rulemaking will go over, once
I've been doing it alot, but that's besides the point. What I really miss,
now that whitehats.com is gone, are the attack signatures.

I think distributing updated signatures is a better way to go than
distributing updated rulesets. Let the user decide what to do with the



BA0A B917 D5AD 6E59 7A3E  ADB8 E5E2 C145 4D4D 3B66A

More information about the Snort-users mailing list