[Snort-users] Rules and Tuning
jesler at ...1935...
Thu Aug 16 18:55:42 EDT 2012
On 14 Aug 2012, at 16:52, Steven Vona wrote:
> Thanks for the help. But what I really need is a listing of all the
> rules. We want to go through the whole list and select what we need
> enabled and not enabled. Is this possible?
What I recommend for that is to go through your snort.conf and comment
out the rule files which categories don't apply to your network (or if
you are using pulledpork, your disablesid.conf) Then evaluate the rules
that are left.
Senior Research Engineer, VRT
OpenSource Community Manager
More information about the Snort-users