[Snort-users] [Emerging-Sigs] lots or rules loaded and snort performance

Jason Wallace jason.r.wallace at ...11827...
Fri Nov 5 21:14:04 EDT 2010


The concept is still valid, but I ditched my custom scripts as well
when pulledpork added this functionality (actually it was my feature
request ;) ). One of the good things about PP is you can also restrict
your search to things like cve's, MS numbers, or reference entries.

thx,
wally

On Fri, Nov 5, 2010 at 5:54 PM, Pedro Marinho <pppmarinho at ...11827...> wrote:
> OK thank you very much..
>
> 2010/11/5 Rodrigo Montoro(Sp0oKeR) <spooker at ...11827...>
>>
>> I'd suggest you to read those urls bellow:
>>
>>
>> http://www.snort.org/assets/126/WhitePaper_Snort_PerformanceTuning_2009.pdf
>>
>> http://blog.joelesler.net/2010/04/fun-with-profile_rules.html
>>
>> About Host Attribute Table is a good read/understand to specially if
>> you are using rules that uses metadata field.
>>
>> http://global-security.blogspot.com/2010/09/pig-doktah-is-born.html
>>
>>
>> http://global-security.blogspot.com/2010/10/haz-drowning-rat-pulledpork-050-is-now.html
>>
>> Hope it helps!
>>
>> Regards,
>>
>>
>
>
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at ...14333...
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and
> Lanyards
> http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html
>




More information about the Snort-users mailing list