[Snort-users] VRT rules policy question

Stanford Prescott stan.prescott at ...11827...
Wed Apr 5 14:29:32 EDT 2017


I will post this as an issue for pulledpork. Thanks!

On Wed, Apr 5, 2017 at 12:16 PM, Joel Esler (jesler) <jesler at ...589...>
wrote:

> I agree.  But an issue needs to be raised in the pulledpork project.
>
> --
> Joel Esler | Talos: Manager | jesler at ...589...
>
> On Apr 4, 2017, at 3:52 PM, Stanford Prescott <stan.prescott at ...11827...>
> wrote:
>
> Thank you for your responses, Joel and Michael.
>
> Perhaps I am oversimplifying this, but it seems to me that the emerging
> threats rules could just be left alone. If someone wants to use the VRT
> policies, they could be informed that ET doesn't participate in the
> security policy settings and that the user should adjust their ET rules on
> their own if they need to if they want to use the VRT rules policy and ET
> rules together.
>
> Maybe if it is felt that the ET rules need to be disabled, it would be
> better to just remove the includes for the ET rules (comment them out) in
> the snort.conf file instead of disabling each separate alert in each ET
> rules file. That would make it somewhat easier for the user to re-enable
> the ET rules files than having to uncomment each separate alert in the ET
> rules files.
>
> On Tue, Apr 4, 2017 at 1:50 PM, Joel Esler (jesler) <jesler at ...589...>
> wrote:
>
> I would imagine, because ET doesn’t use the policy features.
>
> Sounds like you need to submit an issue to pulledpork:
> https://github.com/shirkdog/pulledpork/issues
>
>
> --
> Joel Esler | Talos: Manager | jesler at ...589...
>
> On Apr 4, 2017, at 12:42 PM, Stanford Prescott <stan.prescott at ...11827...>
> wrote:
>
> When using pulledpork and setting a VRT rules policy like connectivity,
> balanced or security, why are emerging threats rules disabled?
>
> After selecting a security policy, if one were to want to return to no
> security policy and re-enable the emerging threats rules, is there a quick
> way to do that using pulledpork?
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!


