!!Rolling back Snort rule files!!

[Miso Patel <miso.patel () gmail com>]

Today we installed the newest VRT community rules on our Snort sensors.
Almost immediately we started seeing increased alert volume and further
investigation shows that these are all false positives. We see *tons* of
events for the Microsoft Kodak imaging malformed tiff rules along with other
alerts like Mozilla firefox image dragging exploit and more.

Right now the SIEM is swamped and I've made the decision to go back to the
old rules ... is there an easy way to do this?  I don't see them online and
my engineers tell me that there is not an option in Snort to instruct it to
use the previous ruleset (e.g. snort --use-prev).  Any help is much
appreciated.

Thank you.

Miso Patel, CISO

------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs