Thanks Joël esler for reply i am using snort comunity rules the rules used by snort 3 ,i dont understand jour reply can you explain plz

Le mer. 30 mai 2018 4:50 PM, Joel Esler (jesler) <> a écrit :
Why don't you use the registered rule set for 3.0 to test with?

On May 30, 2018, at 6:07 AM, bz Os via Snort-users <> wrote:

hello evry one
   i am using snort 3 as ids i loaded snort3 comunity rules and i uncommented all commented rules and i loaded this rules in the configuration file ,when i run snort  3957
rules are loaded .
   i run snort against a part on darpa dataset but as results i had only 3 detection (  "(http_Inspect)header line terminated by LF without a CR " and  "(arp_spoof) unicast arp request " and "(ipv4)packet from reserved source address " in other hand  i runed suricata against the same pcap file as rusults suricata detected a lot of attack ,
   how can i add emerging threat to detect more attack by snort 3 or is there a method for improve the detection
Snort-users mailing list
Go to this URL to change user options or unsubscribe:

Please visit to stay current on all the latest Snort news!

Please follow these rules: