Snort mailing list archives

Re: Missing SID information on Snort site


From: Joel Esler <jesler () sourcefire com>
Date: Wed, 8 May 2013 16:43:18 -0400

On May 8, 2013, at 3:24 PM, MA Bel <mab_generic () outlook com> wrote:

> Again... SID 21545 is also missing. I found this link, which points to a disabled rule (which I have enabled).
>
> http://www.snort.org/vrt/docs/ruleset_changelogs/2_9_1_2/changes-2012-03-08.html
>
> What's the point of leaving a rule in the rules file if the goal is to never use it? Correct me if I'm wrong but this
> appears to be the motivation behind the removal of the related information page.

We don't know what software you are running on your network, plus the disabled/enabled state only indicates that the 
rule is in the balanced policy or not.  It's not an indication if the rule is in the security policy or in no policies 
at all.  

http://blog.snort.org/2012/01/importance-of-pulledpork.html  <-- Please read.

We generally leave all rules in the system unless they are removed by newer detection, redundancy, etc.  

This is going to change in the near future by establishing exactly what is in each policy.  We'll publish this cut and 
dry criteria at that time.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
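
The distinction drawn in the reply above, between a rule being commented out in the rules file and its membership in a policy, shown as an added example that is not part of either message or of any Snort tooling. It assumes policy membership is carried in each rule's `metadata` option as `policy <name> <action>`; the sample rules and their SIDs are constructed placeholders.

```python
import re

# Constructed sample rules file: placeholder SIDs, not real VRT rules.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE balanced and security"; content:"abc"; metadata:policy balanced-ips drop, policy security-ips drop, service http; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE security only"; content:"def"; metadata:policy security-ips drop, service http; sid:1000002; rev:2;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"EXAMPLE in no policy"; content:"ghi"; metadata:service ftp; sid:1000003; rev:1;)
# This is an ordinary comment, not a rule.
"""

# A rule line, optionally commented out with a leading '#'.
RULE_RE = re.compile(
    r'^(?P<off>#\s*)?(?:alert|drop|log|pass|reject|sdrop)\s[^(]*\((?P<opts>.*)\)\s*$')

def parse_rule(line):
    """Return sid, enabled flag and policy map for a rule line, else None."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    sid, policies = None, {}
    # Split options on ';' but not on an escaped '\;' inside content strings.
    for opt in re.split(r'(?<!\\);', m.group('opts')):
        key, _, val = opt.strip().partition(':')
        if key == 'sid':
            sid = int(val)
        elif key == 'metadata':
            for item in val.split(','):
                words = item.split()
                if len(words) == 3 and words[0] == 'policy':
                    policies[words[1]] = words[2]  # e.g. security-ips -> drop
    if sid is None:
        return None
    return {'sid': sid, 'enabled': m.group('off') is None, 'policies': policies}

def load(text):
    return [r for r in map(parse_rule, text.splitlines()) if r]

def disabled_in_policy(text, policy):
    """SIDs commented out in the file that still belong to the given policy."""
    return sorted(r['sid'] for r in load(text)
                  if not r['enabled'] and policy in r['policies'])

def in_no_policy(text):
    """SIDs that carry no policy metadata at all."""
    return sorted(r['sid'] for r in load(text) if not r['policies'])

if __name__ == '__main__':
    print('disabled but in security-ips:', disabled_in_policy(SAMPLE_RULES, 'security-ips'))
    print('in no policy:', in_no_policy(SAMPLE_RULES))
```
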