[Snort-users] Snort 2.9.6 doesn't alert using subscribed VRT ruleset but with ETOpen

Joel Esler (jesler) jesler at ...589...
Sat Apr 5 10:54:33 EDT 2014


Depends on what software and plugins you are using, doesn't it? It's all dependent on your network.

--
Joel Esler
Sent from my iPhone

> On Apr 5, 2014, at 4:25, "ped at ...16771..." <ped at ...16771...> wrote:
> 
> Thanks Joel, the issue was with the disabled rule. Once I enabled it, Snort started to alert using the VRT ruleset.
> 
> I know the selection of ruleset is subjective to the environment. Is there any best practice for a set of rules that should be enabled when you want to monitor a single Internet-facing webserver and ssh server?
> 
> Thanks,
> Ped
> 
> 
> On Sat, Apr 5, 2014 at 1:14 AM, Joel Esler (jesler) <jesler at ...589...> wrote:
> 
> Have you tried:
>  
> https://github.com/vrtadmin/snort-faq/blob/master/FAQ/Im-not-receiving-alerts-in-Snort.md
>  
> Rule 2100498 is a copy of the VRT rule sid:498.  It’s disabled by default in the ruleset, so you may have to enable it (notice that we don’t enable everything by default).
>  
> --
> Joel Esler
> Open Source Manager
> Threat Intelligence Team Lead
> Vulnerability Research Team
>  
> 
>  
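The check discussed in this thread (whether a given sid is present but disabled in a rules file) can be scripted. The following is an added example, not part of the original messages and not Snort or VRT code; it assumes a disabled rule is a rule line commented out with a leading `#`, and the rule bodies in the sample are constructed placeholders, not the real text of sid 498 or 2100498.

```python
import re

# Constructed sample rules file. Only the sids 498 and 2100498 come from the
# thread; the rule bodies are placeholders, not the real rule text.
SAMPLE_RULES = """\
# Constructed comment line, not a rule
# alert ip any any -> any any (msg:"constructed example A"; content:"x"; sid:498; rev:1;)
alert ip any any -> any any (msg:"constructed example B"; content:"x"; sid:2100498; rev:1;)
alert tcp any any -> any 22 (msg:"constructed example C"; flow:to_server; sid:1000001; rev:1;)
"""

# A rule line: optional comment markers, a rule action, then a header and "(options)".
RULE_RE = re.compile(
    r'^(?P<off>(?:#\s*)+)?(?:alert|log|pass|drop|reject|sdrop)\s+.*\(.*\)\s*$')
SID_RE = re.compile(r'[;(]\s*sid\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'msg\s*:\s*"((?:[^"\\]|\\.)*)"')


def rule_states(text):
    """Return {sid: {'enabled': bool, 'msg': str, 'line': int}} for every rule line."""
    states = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = RULE_RE.match(line)
        if not m:
            continue  # blank line or ordinary comment, not a rule
        sid = SID_RE.search(line)
        if not sid:
            continue  # rule-shaped line without a sid option
        msg = MSG_RE.search(line)
        states[int(sid.group(1))] = {
            "enabled": m.group("off") is None,  # commented out means disabled
            "msg": msg.group(1) if msg else "",
            "line": lineno,
        }
    return states


def check(text, wanted):
    """Classify each wanted sid as 'enabled', 'disabled' or 'missing'."""
    states = rule_states(text)
    return {
        sid: "missing" if sid not in states
        else "enabled" if states[sid]["enabled"] else "disabled"
        for sid in wanted
    }


if __name__ == "__main__":
    for sid, state in check(SAMPLE_RULES, [498, 2100498, 31337]).items():
        print(f"sid {sid}: {state}")
```

A sid reported as `disabled` is in the ruleset but will never alert until it is enabled; `missing` means the rules file being loaded does not contain it at all.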