Snort mailing list archives

Re: Rules division, divide, split


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Tue, 26 May 2015 19:35:20 +0000


On May 22, 2015, at 3:01 PM, Robert Lasota <wrkilu () wp pl> wrote:

On Friday, 22 May 2015 20:33 Joel Esler (jesler) <jesler () cisco com> wrote:
Sounds like you are trying to do something oddly clever. Can you describe what you are trying to do?


Hehe ;) , we don't want to load Snort too much by enabling all rules; this will be an IPS for SOHO. So we thought we'll
turn on just malware/virus/browser rules, but sometimes, when needed, we'll add rules just for the needed apps, e.g.
SQL server and VOIP, or for HTTP and mail server - that's why.

Are you using OpenAppId to identify sessions for protocols and ports?

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group

Snort-users mailing list
Snort-users () lists sourceforge net