[Snort-users] rules for Snort Inline
risto.vaarandi at ...13914...
Mon Sep 4 08:07:31 EDT 2006
I have had Snort running in IDS mode for some time, and would now like
to deploy it in Inline mode for actually dropping malicious traffic.
However, the Snort rules available at http://www.snort.org/rules/ have
been configured to produce alerts only, and the user has to test each
rule whether the 'drop', 'reject' or other such action would be suitable
for his/her environment.
Since testing rules one by one involves a lot of time, I started to look
for rule collections designed specifically for Snort Inline, and located
the rulesets at BleedingSnort (http://www.bleedingsnort.com/rules/). My
question is - are there any similar projects around for creating rules
for Snort Inline?
I understand that for some rules it is difficult to verify that they
don't block anything legitimate, yet there could be rules which almost
never produce false positives. If someone has created a collection of
such rules, I'd be thankful for the pointers.