[Snort-users] Mapping rules to policies

Joseph Roscioli roscioli812 at gmail.com
Thu Sep 28 10:19:15 EDT 2017


I am new to SNORT. I plan to run SNORT as an IDS. I downloaded the
Registered rules set. I noticed that many of the rules are commented out.
The FAQ "Why are rules commented out by default?" referred to policies:

"There are five states that we place rules in when we create them, four of
the states are assigned to policies.
- Connectivity over Security (Connectivity) - Either in “alert” or “drop”
- Balanced (Balanced) - Either in “alert” or “drop”
- Security over Connectivity (Security) - Either in “alert” or “drop”"

My question is: How do I know which policy a given rule is in? The FAQ
answer contains "when you aren’t using the policies".
I did not see any mention of policies in the User Manual.

I assume that the uncommented rules are those considered in the "balanced"
state or policy.

Thanks in advance for your help.
