Snort mailing list archives

Re: PulledPork and empty Emerging ruleset

From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 1 Jun 2015 20:47:18 +0000


On Jun 1, 2015, at 3:28 AM, Robert Lasota <wrkilu () wp pl<mailto:wrkilu () wp pl>> wrote:

Well, your answer is let say a half for my question. I know that I must adjust my environment to rules. But my question 
was rather.. what "key" ET organization uses during deciding which rule is on and which is off ? How is with false 
positives ? Because I think/I hope Pulledpork policy provides that.., or maybe I'm wrong ? ;)

As far as I know, ET does not provide any keywords for pulledpork to decide what should be on or off.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group
http://www.talosintel.com

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Odp: Re: Odp: Re: Odp: Re: PulledPork and empty Emerging ruleset Robert Lasota (Jun 01)
- Re: Odp: Re: Odp: Re: Odp: Re: PulledPork and empty Emerging ruleset waldo kitty (Jun 01)
- Re: PulledPork and empty Emerging ruleset Joel Esler (jesler) (Jun 01)