[Snort-users] rules

John Sage jsage at ...2022...
Fri Nov 30 07:20:03 EST 2001


Arvind:

I think the consensus is that the rulesets that come with the current 
distro are better maintained, and thus more current.

I would stick with those, if I were you...

Max Vision and whitehats.com will - ah - not be with us for a while :-(

- John

Arvind Clemente wrote:

> Hi John
>     Thnx for you time. What i meant was the rulset you get on Maxvision
> and default snortruleset, which of this is beetter......meaning updation
> of rules. support etc...... I am using Snort 1.8.2 on linux 2.2.20 as an
> IDS for my enterprise.
> 
> rgds
> 
> Arvind
> 
> John Sage wrote:
> 
> 
>>Arvind:
>>
>>Probably an impossible question to really answer.
>>
>>What do you mean, "better"?
>>
>>Depending on what version you're using (latest is 1.8.3 on *n(i|u)x, I
>>believe..) I would think the rules that come with the latest distro are
>>more current, as I don't know who's maintaining the Vision rules these
>>days...
>>
>>What are you trying to accomplish?
>>
>>In what context are you running snort?
>>
>>What platform?
>>
>>etc etc etc...
>>
>>- John
>>
>>Arvind Clemente wrote:
>>
>>
>>>Hello Everybody,
>>>    I am a newbie in snort and want to ask which rulessets are better
>>>Maxvision or Default snort rulesets.
>>>
>>>Thanks in Advance
>>>
>>>Rgds
>>>Arvind Clemente







More information about the Snort-users mailing list