Snort mailing list archives
Re: Rules division, divide, split
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Tue, 26 May 2015 19:35:20 +0000
On May 22, 2015, at 3:01 PM, Robert Lasota <wrkilu () wp pl> wrote:

> On Friday, 22 May 2015 20:33, Joel Esler (jesler) <jesler () cisco com> wrote:
>
>> Sounds like you are trying to do something oddly clever. Can you describe what you are trying to do?
>
> Hehe ;) , we don't want to load Snort too much by enabling all rules; this will be an IPS for SOHO. So we thought we'll turn on just malware/virus/browser rules, but sometimes, when it is needed, we'll add rules just for the needed apps, e.g. SQL server and VOIP, or for HTTP and mail server - that's why.

Are you using OpenAppId to identify sessions for protocols and ports?

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group