jsage at ...2022...
Fri Nov 30 07:20:03 EST 2001
I think the consensus is that the rulesets that come with the current
distro are better maintained, and thus more current.
I would stick with those, if I were you...
Max Vision and whitehats.com will - ah - not be with us for a while :-(
Arvind Clemente wrote:
> Hi John
> Thnx for you time. What i meant was the rulset you get on Maxvision
> and default snortruleset, which of this is beetter......meaning updation
> of rules. support etc...... I am using Snort 1.8.2 on linux 2.2.20 as an
> IDS for my enterprise.
> John Sage wrote:
>>Probably an impossible question to really answer.
>>What do you mean, "better"?
>>Depending on what version you're using (latest is 1.8.3 on *n(i|u)x, I
>>believe..) I would think the rules that come with the latest distro are
>>more current, as I don't know who's maintaining the Vision rules these
>>What are you trying to accomplish?
>>In what context are you running snort?
>>etc etc etc...
>>Arvind Clemente wrote:
>>> I am a newbie in snort and want to ask which rulessets are better
>>>Maxvision or Default snort rulesets.
>>>Thanks in Advance
More information about the Snort-users