Snort mailing list archives
Re: Rule Management with two separate rulesets
From: JJC <cummingsj () gmail com>
Date: Wed, 17 Jul 2013 10:58:38 -0600
PP names them for you.. even if they are individual ET-category.rules or VRT-category.rules :-)

On Wed, Jul 17, 2013 at 10:49 AM, waldo kitty <wkitty42 () windstream net> wrote:
> On 7/16/2013 23:08, Steven McLaughlin wrote:
>> Hi All,
>>
>> I am looking at testing emerging threats ruleset alongside snort rules. As far as directory structures are concerned is it best to have the rules in separate directories and run two separate instances of pulledpork? Or better to have both rule sets all in the one directory?
>>
>> The overlap could get complicated here with rule updates and snort conf files etc.. Is anyone else doing this? If so any advice?
>
> we run both sets here... not testing... we do not (yet) use pulledpork... we have all the rules files in one directory... each is differentiated by their name... blah.rules from VRT (kinda wish they'd put VRT-blah.rules)... emerging-blah.rules from ET...
>
> we have all rules named in snort.conf so that we can manage them by "category" (ie: filename)... in this way, we can enable or disable an entire category with one edit to (un)comment one filename... having the rules all in one directory also allows for easier management of sid-msg.map because the generator for that file can simply run thru all files in the one rules directory...
>
> we have no problem with rules updates... we (currently) pull VRT rules once a week and ET rules once a day...
>
> --
> NOTE: No off-list assistance is given without prior approval.
>       Please keep mailing list traffic on the list unless
>       private contact is specifically requested and granted.
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
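The one-directory layout waldo describes (VRT and ET category files side by side, one `include` line per category in snort.conf, and a sid-msg.map generator that walks every file in that directory) as an added example; this is not code from the thread, pulledpork or Snort. The rule files and the snort.conf fragment are constructed samples, and the generator assumes the `$RULE_PATH/<file>.rules` include form.

```python
import re
import tempfile
from pathlib import Path

# Constructed samples (not real rules): a VRT-style and an ET-style category file, plus a
# snort.conf fragment that names both; the ET category starts out commented (disabled).
SAMPLE_RULES = {
    "web-misc.rules": 'alert tcp any any -> any 80 (msg:"WEB-MISC sample"; sid:1001; rev:1;)\n'
                      '# alert tcp any any -> any 80 (msg:"WEB-MISC disabled"; sid:1002; rev:1;)\n',
    "emerging-scan.rules": 'alert tcp any any -> any any (msg:"ET SCAN sample"; sid:2000001; rev:2;)\n',
}
SAMPLE_CONF = "include $RULE_PATH/web-misc.rules\n# include $RULE_PATH/emerging-scan.rules\n"

SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')
INCLUDE_RE = re.compile(r'^\s*(#\s*)?include\s+\$RULE_PATH/(\S+\.rules)\s*$')

def parse_rules(text):
    """Yield (sid, msg, enabled) per rule line; a leading '#' means the rule is disabled."""
    for line in text.splitlines():
        line = line.strip()
        sid, msg = SID_RE.search(line), MSG_RE.search(line)
        if sid and msg:
            yield int(sid.group(1)), msg.group(1), not line.startswith("#")

def build_sid_msg_map(rules_dir):
    """Walk every *.rules file in the one directory (VRT and ET alike) into {sid: msg}."""
    mapping = {}  # disabled rules are kept: sid-msg.map is a lookup table, not an enable list
    for path in sorted(Path(rules_dir).glob("*.rules")):
        for sid, msg, _enabled in parse_rules(path.read_text()):
            mapping[sid] = msg
    return mapping

def included_categories(conf_text):
    """Category files snort.conf actually loads: include lines that are not commented out."""
    hits = (INCLUDE_RE.match(l) for l in conf_text.splitlines())
    return {m.group(2) for m in hits if m and not m.group(1)}

def toggle_category(conf_text, filename, enable):
    """Enable/disable one whole category by (un)commenting its single include line."""
    out = []
    for line in conf_text.splitlines():
        m = INCLUDE_RE.match(line)
        if m and m.group(2) == filename:
            line = ("" if enable else "# ") + f"include $RULE_PATH/{filename}"
        out.append(line)
    return "\n".join(out) + "\n"

def write_sample_rules():  # materialise SAMPLE_RULES in a temp dir so the walk runs offline
    d = Path(tempfile.mkdtemp())
    for name, body in SAMPLE_RULES.items():
        (d / name).write_text(body)
    return d
```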
Current thread:
- Rule Management with two separate rulesets Steven McLaughlin (Jul 16)
- Re: Rule Management with two separate rulesets JJC (Jul 16)
- Re: Rule Management with two separate rulesets waldo kitty (Jul 17)
- Re: Rule Management with two separate rulesets JJC (Jul 17)
- Re: Rule Management with two separate rulesets Joel Esler (Jul 17)