Snort mailing list archives

Re: Outdated rules


From: "Joel Esler (jesler) via Snort-sigs" <snort-sigs () lists snort org>
Date: Mon, 28 Aug 2017 14:05:14 +0000

I am still misunderstanding your question.

You have an active Snort rule in place covering a reported vulnerability or exploit. Okay. Got that part. Are you 
asking, what happens when we update that rule in the future? Or… what are you asking in your second half there?



--
Joel Esler | Talos: Manager | jesler () cisco com






On Aug 24, 2017, at 10:37 AM, Frank Beer via Snort-sigs <snort-sigs () lists snort org> wrote:

Dear Snort-Team,

As a new Snort user, I recently had a discussion with colleagues about the roll-out process of rules in Snort without 
a clear result. Therefore I'm writing to you hoping for concrete answers: Suppose we have an active Snort rule in place 
covering a reported exploit. What happens with the rule in upcoming rule set releases if it is quite certain that the 
exploit cannot reoccur again for some reason (e.g. the exploit simply was fixed or the system environment where the exploit 
can take action becomes obsolete)? I'm asking that because we are afraid of potential false alarms caused by such 
rules in our system environment.

Best regards
Jason


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most 
emerging threats (https://snort.org/downloads/#rule-downloads)!
