[Snort-users] Bleeding Snort rules and Sourcefire Official rules

Rowland, Krisa W ERDC-ITL-MS Contractor Krisa.W.Rowland at ...3768...
Tue Oct 25 13:13:31 EDT 2005



I run both sets of rules.  I do not find too much overlap - usually when one
is turned into an "official" rule - then they pull it out of the bleeding set
pretty quickly.  





From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of
hchlai at ...2792...
Sent: Tuesday, October 25, 2005 3:06 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Bleeding Snort rules and Sourcefire Official rules


Hi Snorters,


How do Bleeding Snort rules compare to Sourcefire Official rules in terms of
accuracy in detecting intrusion attempts? Which set of rules is more
practical to implement in a corporate environment? I'm thinking of
implementing both sets of rules, but I am afraid of running into many overlapping
alerts. Has anybody tried this before? What is the result like?


Many thanks!




