[Snort-users] Snort as IPS

Forensix Land forensixland at ...11827...
Sat Apr 22 22:37:50 EDT 2017


We just start to run snort as IPS and would like to take any advices from this group.
-- what are the rules we can start with safely in production env?
-- how do we automate updating the drop rules with pulledpork?
-- At time the snort blocking production env, what is the easy and quick way to disable or bypass the snort and put it back online later?
-- Any tips are greatly appreciated.

Sent from my iPhone

More information about the Snort-users mailing list