[Snort-users] Default rule set
Jake.Sallee at ...15646...
Fri May 16 13:01:26 EDT 2014
Does anyone have a recommendation for a default rule set? I am tuning my snort instances and the information I am finding seems to be that I need to try to keep my rules under 7k. The default ET rule set is ~15k if I am not mistaken, so I am looking for a good starting point.
If anyone could share any wisdom about disabling whole ranges and/or categories I would very much appreciate it. Also, if anyone has a standard list of entries to put in my disablesid.conf as a good starting point, I would be very grateful.
If it helps, I work for a small private university with a sizeable resident population of students that I am essentially an ISP for and also have the standard office/corporate environment for my faculty/staff users too. Oh, and I have a full BYOD network on both the student and faculty/staff networks ... so, yeah ... I don't sleep at night.
Thank you in advance for any assistance you may be able to offer.
Godfather of Bandwidth
University of Mary Hardin-Baylor
900 College St.