[Snort-users] Switching snort from IDS to IPS mode
marcin.dulak at gmail.com
Sat Feb 3 07:43:01 EST 2018
On Sat, Feb 3, 2018 at 12:42 PM, bobby via Snort-users <
snort-users at lists.snort.org> wrote:
> I am running Snort inline. I am running Linux.
> What would be the easiest way to replace all rules with drop from alert?
> Would I have to run a script to modify each rule, or is there an easier
Use pulledpork to manage the rules http://seclists.org/snort/2017/q2/171
> On Fri, Feb 2, 2018 at 10:13 PM, <wkitty42 at windstream.net> wrote:
>> On 02/02/2018 06:56 PM, bobby via Snort-users wrote:
>>> I would like to switch Snort from IDS to IPS mode. Is this done only by
>>> modifying the rules, from alert, to drop status, or is there an easier,
>>> better way of accomplishing this?
>> IIUC, modifying the rules to drop as well as running inline... you have
>> to be inline for snort to be able to control the connections and drop the
>> ones you don't want...
>> NOTE: No off-list assistance is given without prior approval.
>> *Please keep mailing list traffic on the list unless*
>> *a signed and pre-paid contract is in effect with us.*
>> Snort-users mailing list
>> Snort-users at lists.snort.org
>> Go to this URL to change user options or unsubscribe:
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>> Please follow these rules: https://snort.org/faq/what-is-
> Snort-users mailing list
> Snort-users at lists.snort.org
> Go to this URL to change user options or unsubscribe:
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
> Please follow these rules: https://snort.org/faq/what-is-
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users