Snort mailing list archives
Mapping rules to policies
From: Joseph Roscioli via Snort-users <snort-users () lists snort org>
Date: Thu, 28 Sep 2017 10:19:15 -0400
Hello,

I am new to SNORT. I plan to run SNORT as an IDS. I downloaded the Registered rules set. I noticed that many of the rules are commented out. The FAQ "Why are rules commented out by default?" referred to policies:

"There are five states that we place rules in when we create them, four of the states are assigned to policies.
- Connectivity over Security (Connectivity) - Either in “alert” or “drop”
- Balanced (Balanced) - Either in “alert” or “drop”
- Security over Connectivity (Security) - Either in “alert” or “drop”"

My question is: How do I know which policy a given rule is in?

The FAQ answer contains "when you aren’t using the policies". I did not see any mention of policies in the User Manual. I assume that the uncommented rules are those considered in the "balanced" state or policy.

Thanks in advance for your help.

Joe