Snort mailing list archives

Rule management


From: "Jason Lewis" <jlewis () packetnexus com>
Date: Tue, 27 Nov 2001 06:33:37 -0500

I was thinking about all the requests for automatic rule updates.  I think
this stems from the anti-virus auto-update features.  The thinking is... the
more up to date the sigs are, the better off you are.

What we really need is a rule management tool.  IDScenter does some of this,
but it runs on Win2k.  (You can manage Linux sensors too.)

Is anyone updating a master rule list and pushing updates to sensors?  I
have tossed around different ideas for doing this and thought maybe I could
get some feedback here.  I was thinking a directory structure that had
folders for each sensor and rules were updated automatically via scp.
Thoughts?

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure".
The people at the other end of the link know less
about security than you do. And that's scary.
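
The layout proposed in the message above (a master rule list with a folder per sensor, pushed over scp), as an added example that is not part of the original post. The directory names, the `snort` account, the remote path `/etc/snort/rules/`, the per-sensor digest files and the `DRY_RUN` switch are all assumptions made for illustration.

```shell
# Assumed layout (hypothetical, not from the original post):
#   $MASTER/common/*.rules          rules every sensor gets
#   $MASTER/sensors/<host>/*.rules  per-sensor additions or overrides
#   $STATE/<host>.sha256            digest of the bundle last pushed

# Stage one sensor's bundle in $3; sensor files override common ones by name.
stage_bundle() {  # master sensor outdir
    mkdir -p "$3"
    for f in "$1"/common/*.rules "$1/sensors/$2"/*.rules; do
        if [ -f "$f" ]; then cp "$f" "$3"/; fi
    done
}

# Digest over file names and contents: any add, remove or edit changes it.
bundle_digest() {  # dir
    (cd "$1" && for f in *.rules; do
        if [ -f "$f" ]; then sha256sum "$f"; fi
    done) | sha256sum | cut -d' ' -f1
}

# Push only when the bundle differs from the last push; prints the outcome.
sync_sensor() {  # master state sensor
    mkdir -p "$2"; tmp=$(mktemp -d) || return 1
    stage_bundle "$1" "$3" "$tmp"
    new=$(bundle_digest "$tmp"); old=$(cat "$2/$3.sha256" 2>/dev/null || true)
    if [ "$new" = "$old" ]; then rm -rf "$tmp"; echo unchanged; return 0; fi
    if [ "${DRY_RUN:-0}" != 1 ]; then
        # Account and remote path are assumptions; key-based auth is expected.
        scp -q "$tmp"/*.rules "snort@$3:/etc/snort/rules/" ||
            { rm -rf "$tmp"; return 1; }
    fi
    echo "$new" > "$2/$3.sha256"   # recorded only after a successful push
    rm -rf "$tmp"; echo pushed
}

sync_all() {  # master state
    for d in "$1"/sensors/*/; do
        if [ -d "$d" ]; then s=$(basename "$d"); echo "$s $(sync_sensor "$1" "$2" "$s")"; fi
    done
}

# Constructed sample tree, run as a dry run so nothing leaves the machine.
root=$(mktemp -d)
mkdir -p "$root/master/common" "$root/master/sensors/dmz1" "$root/master/sensors/lan1"
echo 'alert tcp any any -> any 80 (msg:"constructed sample"; sid:1000001;)' > "$root/master/common/web.rules"
echo 'alert icmp any any -> any any (msg:"constructed dmz sample"; sid:1000002;)' > "$root/master/sensors/dmz1/local.rules"
DRY_RUN=1 sync_all "$root/master" "$root/state"
rm -rf "$root"
```

scp only copies files, so a rule file deleted from the master tree stays on the sensor until it is removed there, and each sensor still has to reload its rules after a push.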