Snort mailing list archives
snort rules with OS info?
From: Susan Coulter <skc () lanl gov>
Date: 13 Feb 2004 14:47:55 -0700
We're planning on merging our ip-OS information database with our snort infrastructure in order to remove false positives related to OS differences. (i.e. alerts that trigger on rules that are Windows specific, when that particular ip runs Linux, etc.)

Has anyone else gone through the snort ruleset and identified (if possible) the Operating System the rules apply to? If so, is that information available for others?

If I cannot find an existing ruleset that contains OS - we'll go through the tedious task of doing that, at which point we'll post the info for others.

--
====================================
Susan Coulter
Network Security Team
CCN-5 Network Engineering
Los Alamos National Laboratory
505-667-8425 phone
505-665-7793 fax
====================================
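The filtering step described in the message above, as an added example that is not part of the original post or of Snort itself: alerts in Snort's "fast" format are joined against a rule-to-OS map and an IP-to-OS inventory, and an alert is suppressed only when both are known and disagree. The SIDs, rule messages, addresses and both maps are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed rule-to-OS tags; SIDs are in the local range, not real Snort rules.
RULE_OS = {1000001: {"windows"}, 1000002: {"linux", "solaris"}}
# Constructed IP-to-OS inventory (documentation address range).
HOST_OS = {"192.0.2.10": "linux", "192.0.2.20": "windows"}

# Fast alert line: [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

# Constructed sample alerts.
SAMPLE_ALERTS = [
    "02/13-14:47:55.000001  [**] [1:1000001:1] constructed windows-only rule [**] [Priority: 1] {TCP} 198.51.100.7:40000 -> 192.0.2.10:80",
    "02/13-14:47:56.000001  [**] [1:1000001:1] constructed windows-only rule [**] [Priority: 1] {TCP} 198.51.100.7:40001 -> 192.0.2.20:80",
    "02/13-14:47:57.000001  [**] [1:1000002:1] constructed unix-only rule [**] [Priority: 2] {TCP} 198.51.100.7:40002 -> 192.0.2.99:22",
    "02/13-14:47:58.000001  [**] [1:1000003:1] constructed untagged rule [**] [Priority: 2] {UDP} 198.51.100.7:40003 -> 192.0.2.10:53",
]

def classify(line, rule_os=RULE_OS, host_os=HOST_OS):
    """Return (verdict, reason); verdict is 'keep' or 'suppress'."""
    m = ALERT_RE.search(line)
    if not m:
        return "keep", "unparsed line"
    applies_to = rule_os.get(int(m["sid"]))
    target = host_os.get(m["dst"])  # assumes the destination is the attacked host
    # Fail open: missing data on either side must never hide an alert.
    if applies_to is None:
        return "keep", "rule has no OS tag"
    if target is None:
        return "keep", "destination OS unknown"
    if target in applies_to:
        return "keep", f"{target} host matches rule"
    return "suppress", f"rule targets {sorted(applies_to)}, host is {target}"

def filter_alerts(lines):
    """Return only the alerts that survive the OS check."""
    return [ln for ln in lines if classify(ln)[0] == "keep"]

if __name__ == "__main__":
    for line in SAMPLE_ALERTS:
        print(classify(line), line.split("[**]")[1].strip())
```

Keying the lookup on the destination address only fits rules where the destination is the host under attack; rules that fire on traffic from a compromised or client-side host would need the source address checked instead.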
Current thread:
- snort rules with OS info? Susan Coulter (Feb 13)
- Re: snort rules with OS info? Martin Roesch (Feb 13)