Snort mailing list archives
Re: VRT rules policy question
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Wed, 5 Apr 2017 17:16:47 +0000
I agree. But an issue needs to be raised in the pulledpork project.

--
Joel Esler | Talos: Manager | jesler () cisco com

On Apr 4, 2017, at 3:52 PM, Stanford Prescott <stan.prescott () gmail com> wrote:

> Thank you for your responses, Joel and Michael.
>
> Perhaps I am oversimplifying this but, it seems to me that the emerging threats rules could just be left alone. If someone wants to use the VRT policies, they could be informed that ET doesn't participate in the security policy settings and that the user should adjust their ET rules on their own if they need to if they want to use the VRT rules policy and ET rules together.
>
> Maybe if it is felt that the ET rules need to be disabled, it would be better to just remove the includes for the ET rules (comment them out) in the snort.conf file instead of disabling each separate alert in each ET rules file. That would make it somewhat easier for the user to re-enable the ET rules files than having to uncomment each separate alert in the ET rules files.
>
> On Tue, Apr 4, 2017 at 1:50 PM, Joel Esler (jesler) <jesler () cisco com> wrote:
>
>> I would imagine, because ET doesn’t use the policy features. Sounds like you need to submit an issue to pulledpork: https://github.com/shirkdog/pulledpork/issues
>>
>> --
>> Joel Esler | Talos: Manager | jesler () cisco com
>>
>> On Apr 4, 2017, at 12:42 PM, Stanford Prescott <stan.prescott () gmail com> wrote:
>>
>>> When using pulledpork and setting a VRT rules policy like connectivity, balanced or security why are emerging threats rules disabled? After selecting a security policy, if one were to want to return to no security policy and re-enable the emerging threats rules, is there a quick way to do that using pulledpork?

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
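The approach suggested in the quoted message above, commenting out the ET include lines in snort.conf instead of disabling every alert, sketched as an added example; it is not part of the thread and is not pulledpork code. It assumes the ET files are named `emerging-*.rules` and are loaded through one `include` line each; the `#ET-OFF#` marker is a hypothetical convention.

```python
import re

# Assumption: each ET rule file is loaded by its own line of the form
#   include $RULE_PATH/emerging-<category>.rules
ET_INCLUDE = re.compile(r"^\s*include\s+\S*emerging-[\w.-]+\.rules\s*$")

# Hypothetical marker, so that only lines disabled here are re-enabled later.
MARKER = "#ET-OFF# "


def disable_et_includes(conf_text):
    """Comment out active ET include lines; return (new_text, lines_changed)."""
    out, changed = [], 0
    for line in conf_text.splitlines():
        if ET_INCLUDE.match(line):
            out.append(MARKER + line)
            changed += 1
        else:
            out.append(line)
    return "\n".join(out) + "\n", changed


def enable_et_includes(conf_text):
    """Restore lines carrying MARKER; includes commented out by hand stay off."""
    out, changed = [], 0
    for line in conf_text.splitlines():
        if line.startswith(MARKER) and ET_INCLUDE.match(line[len(MARKER):]):
            out.append(line[len(MARKER):])
            changed += 1
        else:
            out.append(line)
    return "\n".join(out) + "\n", changed


# Constructed sample snort.conf fragment (not taken from the thread).
SAMPLE = """\
include $RULE_PATH/snort.rules
include $RULE_PATH/emerging-malware.rules
# include $RULE_PATH/emerging-games.rules
include $RULE_PATH/emerging-exploit.rules
include $RULE_PATH/local.rules
"""

if __name__ == "__main__":
    disabled, count = disable_et_includes(SAMPLE)
    print(f"disabled {count} ET include lines")
    print(disabled)
```

Because the marker distinguishes script-disabled lines from ones an administrator commented out by hand, a disable followed by an enable returns the file to its earlier state.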
Current thread:
- VRT rules policy question Stanford Prescott (Apr 04)
- Re: VRT rules policy question Michael Shirk (Apr 04)
- Re: VRT rules policy question Joel Esler (jesler) (Apr 04)
- Re: VRT rules policy question Stanford Prescott (Apr 04)
- Re: VRT rules policy question wkitty42 (Apr 05)
- Re: VRT rules policy question Joel Esler (jesler) (Apr 05)
- Re: VRT rules policy question Stanford Prescott (Apr 05)
- Re: VRT rules policy question Stanford Prescott (Apr 04)