Snort mailing list archives
Re: PulledPork and empty Emerging ruleset
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 1 Jun 2015 20:47:18 +0000
On Jun 1, 2015, at 3:28 AM, Robert Lasota <wrkilu () wp pl> wrote:

> Well, your answer is, let's say, a half for my question. I know that I must adjust my environment to rules. But my question was rather.. what "key" ET organization uses during deciding which rule is on and which is off? How is with false positives? Because I think/I hope Pulledpork policy provides that.., or maybe I'm wrong? ;)

As far as I know, ET does not provide any keywords for pulledpork to decide what should be on or off.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group
http://www.talosintel.com