Snort mailing list archives
Re: Comprehensive explanation of rules
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Thu, 17 Dec 2015 13:35:17 +0000
Have you checked out the documentation for the rules on Snort.org <http://snort.org>? Just punch in the SID number into the search box at the top left. Also check out: https://snort.org/rules_explanation

--
Joel Esler
Manager, Talos Group

On Dec 16, 2015, at 4:53 PM, Scott Ellis <scorellis () kcura com> wrote:

> I am trying to find a comprehensive explanation of rules, such as:
>
> • who wrote it,
> • what it is intended to block,
> • what might be some of the root causes of hyperactive alerts,
> • what is the category ID of a signature and how do I block an entire category (I know how to handle single signatures),
> • is there an online lookup where I can find all this information and look up a signature by its ID,
>
> and any other useful information that can be provided that will help me develop stronger alert management workflows for my organization.
>
> Thank you!
>
> Scott
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
> Please visit http://blog.snort.org for the latest news about Snort!
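The thread asks how to look a signature up by its SID and how to act on a whole category rather than one rule at a time. As an added example (not code from the Snort project or from either poster), the script below parses Snort rule text into a local index keyed by SID and by classtype, and turns a chosen classtype into per-SID suppress directives in Snort 2's threshold.conf form (`suppress gen_id <gid>, sig_id <sid>`). The rules themselves are constructed for illustration: the SIDs sit in the local range and the reference points at a placeholder URL, so nothing here corresponds to a real ruleset entry.

```python
"""Index Snort rules by SID and classtype; emit suppress lines for a category.

Added example, not Snort project code. SAMPLE_RULES is constructed text:
local-range SIDs, placeholder reference URL, no real ruleset content.
"""
import re
from collections import defaultdict

# Constructed sample rules (illustrative only).
SAMPLE_RULES = r'''
# comment line, ignored by the parser
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE-WEB suspicious query string"; flow:to_server,established; content:"GET"; content:"a|3B|b"; classtype:web-application-attack; reference:url,example.invalid/placeholder; sid:1000001; rev:2;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"EXAMPLE-POLICY outbound smtp"; flow:to_server; classtype:policy-violation; sid:1000002; rev:1;)
alert udp any any -> $HOME_NET 53 (msg:"EXAMPLE-DNS odd query"; classtype:attempted-recon; sid:1000003; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"EXAMPLE-WEB second rule; with semicolon in msg"; classtype:web-application-attack; sid:1000004; rev:3;)
'''

# action proto src sport dir dst dport ( options )
HEADER_RE = re.compile(
    r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')


def split_options(body):
    """Split the option body on ';' while respecting double-quoted strings."""
    opts, cur, in_quote, i = [], [], False, 0
    while i < len(body):
        ch = body[i]
        if ch == '\\' and in_quote and i + 1 < len(body):
            cur.append(ch)
            cur.append(body[i + 1])
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ';' and not in_quote:
            tok = ''.join(cur).strip()
            if tok:
                opts.append(tok)
            cur = []
        else:
            cur.append(ch)
        i += 1
    tok = ''.join(cur).strip()
    if tok:
        opts.append(tok)
    return opts


def parse_rule(line):
    """Return a dict of the metadata we care about, or None if not a rule."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    action, proto, src, sport, direction, dst, dport, body = m.groups()
    rule = {'action': action, 'proto': proto, 'src': src, 'sport': sport,
            'dir': direction, 'dst': dst, 'dport': dport,
            'sid': None, 'rev': None, 'msg': None, 'classtype': None,
            'references': []}
    for opt in split_options(body):
        name, _, value = opt.partition(':')
        name, value = name.strip(), value.strip()
        if name == 'sid':
            rule['sid'] = int(value)
        elif name == 'rev':
            rule['rev'] = int(value)
        elif name == 'msg':
            rule['msg'] = value.strip('"')
        elif name == 'classtype':
            rule['classtype'] = value
        elif name == 'reference':
            rule['references'].append(value)
    return rule if rule['sid'] is not None else None


def build_index(text):
    """Return (by_sid, by_classtype) from a block of rule text."""
    by_sid, by_class = {}, defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        rule = parse_rule(line)
        if rule is None:
            continue
        by_sid[rule['sid']] = rule
        by_class[rule['classtype']].append(rule['sid'])
    return by_sid, dict(by_class)


def lookup(by_sid, sid):
    """One-line summary for a SID, or None if unknown."""
    rule = by_sid.get(sid)
    if rule is None:
        return None
    return f"{sid}/{rule['rev']} [{rule['classtype']}] {rule['msg']}"


def suppress_category(by_class, classtype, gid=1):
    """threshold.conf-style suppress lines for every SID in a classtype."""
    return [f'suppress gen_id {gid}, sig_id {sid}'
            for sid in sorted(by_class.get(classtype, []))]


if __name__ == '__main__':
    by_sid, by_class = build_index(SAMPLE_RULES)
    print(lookup(by_sid, 1000001))
    for classtype, sids in sorted(by_class.items()):
        print(classtype, sids)
    print('\n'.join(suppress_category(by_class, 'web-application-attack')))
```

The quote-aware splitter matters because `msg` and `content` values can legitimately contain semicolons, which a naive `split(';')` would break on. Suppressing by category this way leaves the rules loaded, so a later revision of the ruleset still produces the updated rule text, and the suppress list can be regenerated from it.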
Current thread:
- Comprehensive explanation of rules Scott Ellis (Dec 16)
- Re: Comprehensive explanation of rules Joel Esler (jesler) (Dec 17)