[Snort-users] Bleeding Snort rules and Sourcefire Official rules

hchlai at ...2792... hchlai at ...2792...
Tue Oct 25 13:06:14 EDT 2005


Hi Snorters,
 
How is Bleeding Snort rules compare to Sourcefire Official rules in terms of accuracy in detecting intrusion attempts? Which set of rules are more practical to implement in a corporate environment? I'm thinking of implementing both sets of rules but I am afraid to run into many overlap alerts, has anybody try this before? What's the result is like?
 
Many thanks!
 
HinSuk
 
__________________________________________________________________
Look What The New Netscape.com Can Do!
Now you can preview dozens of stories and have the ones you select delivered to you without ever leaving the Top Home Page. And the new Tool Box gives you one click access to local Movie times, Maps, White Pages and more.  See for yourself at http://netcenter.netscape.com/netcenter/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20051025/6ccd04d9/attachment.html>


More information about the Snort-users mailing list