[Snort-users] Rules

Amit B amn0p at ...14399...
Mon Mar 26 21:20:49 EDT 2012


I am using Snort 2.9.2 and pulledpork to pull the latest paid subscription rulesets. I am just curious: with preprocessor and decoder alerts disabled, I was wondering how many rulesets are actually active to alert me on security events. Pulledpork gives the following stats:
 
Rule Stats....
        New:-------134
        Deleted:---3
        Enabled Rules:----2803
        Dropped Rules:----0
        Disabled Rules:---9571
        Total Rules:------12374
        Done
I am guessing 2803 rules are actually enabled (rules and so rules combined). Please correct me if I am wrong.
 
So does Snort enable only priority rules and disable rules that were written to catch old/older attacks/issues/risks? Just wondering how Snort prioritizes signatures in every release. Are these signatures enough to catch most common anomalies or issues, and is the number comparable to what other vendors release?
 
Thanks,
Ams



