Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: how can improve detection of attack by snort 3

From: "Joel Esler \(jesler\) via Snort-users" <snort-users () lists snort org>
Date: Wed, 30 May 2018 16:50:19 +0000
Why don't you use the registered rule set for 3.0 to test with?



On May 30, 2018, at 6:07 AM, bz Os via Snort-users <snort-users () lists snort org<mailto:snort-users () lists snort 
org>> wrote:

hello evry one
   i am using snort 3 as ids i loaded snort3 comunity rules and i uncommented all commented rules and i loaded this 
rules in the configuration file ,when i run snort  3957
rules are loaded .
   i run snort against a part on darpa dataset but as results i had only 3 detection (  "(http_Inspect)header line 
terminated by LF without a CR " and  "(arp_spoof) unicast arp request " and "(ipv4)packet from reserved source address 
" in other hand  i runed suricata against the same pcap file as rusults suricata detected a lot of attack ,

   how can i add emerging threat to detect more attack by snort 3 or is there a method for improve the detection
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org<mailto:Snort-users () lists snort org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette


_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Previous By Date Next
Previous By Thread Next

Current thread: