[Snort-users] Rules and Tuning

Joel Esler jesler at ...1935...
Thu Aug 16 18:55:42 EDT 2012


On 14 Aug 2012, at 16:52, Steven Vona wrote:

> Thanks for the help.  But what I really need is a listing of all the
> rules.  We want to go through the whole list and select what we need
> enabled and not enabled.  Is this possible?


What I recommend for that is to go through your snort.conf and comment 
out the rule files which categories don't apply to your network (or if 
you are using pulledpork, your disablesid.conf) Then evaluate the rules 
that are left.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire




More information about the Snort-users mailing list