Snort mailing list archives
Outdated rules
From: Frank Beer via Snort-sigs <snort-sigs () lists snort org>
Date: Thu, 24 Aug 2017 14:37:52 +0000 (UTC)
Dear Snort-Team, as new Snort user, I recently had a discussion with colleagues about the roll-out process of rules in Snort without clear result. Therefore I'm writing you hoping for concrete answers: Suppose we have an active Snort rule in place covering a reported exploit. What happens with the rule in upcoming rule set releases if it is quite certain that the exploit cannot reoccur again for some reason (e.g. the exploit simply was fixed or system environment where the exploit can take action becomes obsolete)? I'm asking that, because we are afraid of potential false alarms caused by such rules in our system environment? Best regards Jason
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Outdated rules Frank Beer via Snort-sigs (Aug 28)
- Re: Outdated rules Joel Esler (jesler) via Snort-sigs (Aug 28)
- Re: Outdated rules wkitty42 (Aug 28)