[Snort-users] Enabling Only Applicable Rules

bobby architectofthefuture at ...11827...
Fri May 12 20:32:26 EDT 2017


I am running snort, and have the community rules.

If I am running the HTTP service, how do I locate the rules that I need to
activate/that apply to me?  Do I just do a ls | grep ' HTTP ' on the
rules?  What is the best way to do this since there are thousands and
thousands of rule sets?  How does one go about customizing the rules to
ones' network?



More information about the Snort-users mailing list