[Snort-users] Feedback on rule testing

James Dickenson jdickenson at ...11827...
Fri Dec 20 12:12:50 EST 2013


Hey snort users,

I've been talking with some co-workers recently about our in house rule
development and about ways we could possibly improve it.  I was wondering
if any of you on the snort user list could give us your experience in
regards to the process of creating rule you use at where you work or that
you submit to ET or VRT.  How do you sanity check the rules before you push
them to your sensors?  Do you have a formal lifecycle process and what does
that entail?  Do you automate the process somewhat with scripting or
software and if so how?

Your suggestions and comments are much appreciated,

v/r

- James D.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20131220/68a12d27/attachment.html>


More information about the Snort-users mailing list