[Snort-users] how can improve detection of attack by snort 3

bz Os ossamabzos at gmail.com
Wed May 30 06:07:07 EDT 2018

hello evry one
   i am using snort 3 as ids i loaded snort3 comunity rules and i
uncommented all commented rules and i loaded this rules in the
configuration file ,when i run snort  3957
rules are loaded .
   i run snort against a part on darpa dataset but as results i had only 3
detection (  "(http_Inspect)header line terminated by LF without a CR "
and  "(arp_spoof) unicast arp request " and "(ipv4)packet from reserved
source address " in other hand  i runed suricata against the same pcap file
as rusults suricata detected a lot of attack ,

   how can i add emerging threat to detect more attack by snort 3 or is
there a method for improve the detection
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180530/066ea585/attachment.html>

More information about the Snort-users mailing list