[Snort-users] Signatures and Rulesets

amit82 at ...14399...
Thu Mar 22 12:30:13 EDT 2012


Hi everyone,

I am using Snort 2.9.2 and pulledpork to pull the latest paid subscription rulesets. I am just curious: with preprocessor and decoder alerts disabled, I was wondering how many rulesets are actually active to alert me on security events. Pulledpork gives the following stats:

Rule Stats....
        New:-------134
        Deleted:---3
        Enabled Rules:----2803
        Dropped Rules:----0
        Disabled Rules:---9571
        Total Rules:------12374
        Done

I am guessing 2803 rules are actually enabled (rules and so rules combined). Please correct me if I am wrong.

So does Snort enable only priority rules and disable rules that were written to catch old/older attacks/issues/risks? Just wondering how Snort prioritizes signatures in every release. Are these signatures enough to catch most common anomalies or issues? Is the number comparable to what other vendors release?

Thanks,
Ams.