[Snort-users] Whats Rules should i use

Matt Kettler mkettler at ...4108...
Thu Feb 7 09:32:21 EST 2002


The default rule set is by far the most complete and well maintained rule 
set available. At one point there was an alternate rule set from whitehats, 
but due to the author being in jail at this time, those rules and the site 
that hosted them are unmaintained or minimally maintained.

The default ruleset is pretty diverse, covers a wide range of problems, and 
has a relatively low false rate given that it is of a "generic" nature. (Yes, 
this is a pretty high false rate in many cases, but no generic ruleset can 
be both accurate and low false for all networks without manual adjustment.)

That said, no ruleset is going to be a perfect fit for your needs. The 
default ruleset is a good starting point, but you will likely find changes, 
removals and additions you will want to make as you go along.



At 03:42 AM 2/8/2002 +1100, Kenny D wrote:
>Hi,
>
>I am new to snort and have successfully set it up with
>IDScenter, so far so good. However, I have one
>question: are all the rules in the standard install
>adequate, or is there something else I should be
>looking out for? Would the standard rules (excluding
>those hashed out) fit most people's needs?
>
>Thanks,
>
>