Re: Rule management

[Gustav <gustav () umbriel org>]

On Tue, 27 Nov 2001, Jason Lewis wrote:
> I was thinking about all the requests for automatic rule updates.  I think
> this stems from the anti-virus auto update features.  The thinking is....the
> more up to date the sigs are, the better off you are.

Hi!

I've been using snort for just about a year now, and I find the tool
highly valuable. I've set up my own automatic update routines, which
worked satisfactory, untill I knew what I was doing.

Now, I like writing my own rules. Getting them just right for my site.
It's possible that this infatuation with rulemaking will go over, once
I've been doing it alot, but that's besides the point. What I really miss,
now that whitehats.com is gone, are the attack signatures.

I think distributing updated signatures is a better way to go than
distributing updated rulesets. Let the user decide what to do with the
signatures.

-- 

Gustav

BA0A B917 D5AD 6E59 7A3E  ADB8 E5E2 C145 4D4D 3B66A


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users