[Snort-users] Signatures and Rulesets

amit82 at ...14399...
Thu Mar 22 12:30:13 EDT 2012

Hi everyone,

I am using Snort 2.9.2 and pulledpork to pull the latest paid subscription rulesets. I am just curious: with preprocessor and decoder alerts disabled, I was wondering how many rulesets are actually active to alert me on security events. Pulledpork gives the following stats:

Rule Stats....
        Enabled Rules:----2803
        Dropped Rules:----0
        Disabled Rules:---9571
        Total Rules:------12374

I am guessing 2803 rules are actually enabled (rules and SO rules combined). Please correct me if I am wrong.

So does Snort enable only priority rules and disable rules that were written to catch old/older attacks/issues/risks? Just wondering how Snort prioritizes signatures in every release. Are these signatures enough to catch most common anomalies or issues? Is the number comparable to what other vendors release?
