hello evry one
i am using snort 3 as ids i loaded snort3 comunity rules and i uncommented all commented rules and i loaded this rules in the configuration file ,when i run snort 3957
rules are loaded .
i run snort against a part on darpa dataset but as results i had only 3 detection
( "(http_Inspect)header line terminated by LF without a CR " and "(arp_spoof) unicast arp request " and "(ipv4)packet from reserved source address " in other hand
i runed suricata against the same pcap file as rusults suricata detected a lot of attack ,
how can i add emerging threat to detect more attack by snort 3 or is there a method for improve the detection