[Snort-users] Rules

Amit B amn0p at ...14399...
Mon Mar 26 21:20:49 EDT 2012

I am using Snort 2.9.2 and pulledpork to pull the latest paid subscription rulesets. I am just curious: with preprocessor and decoder alerts disabled, I was wondering how many rulesets are actually active to alert me on security events. Pulledpork gives the following stats:
Rule Stats....
        Enabled Rules:----2803
        Dropped Rules:----0
        Disabled Rules:---9571
        Total Rules:------12374
I am guessing 2803 rules are actually enabled (rules and so rules combined). Please correct me if I am wrong.
So does Snort enable only priority rules and disable rules that were written to catch old/older attacks/issues/risks? Just wondering how Snort prioritizes signatures in every release. Are these signatures enough to catch most common anomalies or issues, and is the number comparable to what other vendors release?
