Snort mailing list archives

Re: Snort rules


From: Dave Killion via Snort-sigs <snort-sigs () lists snort org>
Date: Wed, 5 Jun 2019 08:58:19 -0700

I think he was interested in having a Machine Learning system write
signatures for behaviors, and not an ML signature updating service.

The short answer is, certainly.

The long answer is, depends.

That is, it depends on what kind of behavior you're looking for, and
whether that behavior can be codified into a Snort signature - presumably
also by ML and not a person.

There's also the concern for ML learning something that isn't malicious,
and ending up writing a signature that detects benign traffic - which makes
alerting noisy.  ML really doesn't know what's "good" vs. what's "bad", it
can just determine what's the same and what's different.  You'd need some
sort of scoring or human interaction to make that ultimate decision.

Performing automated blocking of traffic without any user interaction can
have undesirable consequences at times.

On Wed, Jun 5, 2019 at 3:46 AM wkitty42--- via Snort-sigs <snort-sigs () lists snort org> wrote:

> On 6/4/19 5:48 AM, Gururaja Padmavathi devi via Snort-sigs wrote:
>> Is there a way wherein one can update the snort rules by running a machine
>> learning algorithm? Pls let me know if there is such a software present.
>
> why??? you either just download the latest rules file and process it or you
> download the latest checksum and compare with what you already have... if they
> are different, then you download the latest file and process it... no "machine
> learning" needed at all... remember "KIS"; Keep It Simple...
>
> --
>   NOTE: No off-list assistance is given without prior approval.
>         *Please keep mailing list traffic on the list unless*
>         *a signed and pre-paid contract is in effect with us.*
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists snort org
> https://lists.snort.org/mailman/listinfo/snort-sigs
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
> Please follow these rules:
> https://snort.org/faq/what-is-the-mailing-list-etiquette
>
> Visit the Snort.org to subscribe to the official Snort ruleset, make sure
> to stay up to date to catch the most emerging threats
> (https://snort.org/downloads/#rule-downloads)!



-- 
Dave Killion
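
An added example, not part of the original thread and not Snort project code: it plays out the point that ML can tell "what's the same" but not good from bad. A naive learner picks the bytes shared by flagged payloads, and a scoring gate checks that candidate against benign traffic before anything reaches an analyst as an alert-only rule. The payloads are constructed, and the function names, thresholds and sid are assumptions.

```python
from difflib import SequenceMatcher
from functools import reduce

# Constructed payloads for illustration; not real captures.
MALICIOUS = [
    b"GET /a.php?cmd=zz9 HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    b"GET /shop/b.php?cmd=zz9&i=1 HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    b"POST /c.php?cmd=zz9 HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
]
BENIGN = [
    b"GET /index.html HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    b"GET /img/logo.png HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    b"POST /search HTTP/1.1\r\nUser-Agent: curl/7.64\r\n\r\n",
]

def common_substring(a: bytes, b: bytes) -> bytes:
    """Longest run of bytes shared by a and b."""
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]

def naive_learn(samples):
    """'What is the same' learner: a byte run common to every flagged sample."""
    return reduce(common_substring, samples)

def score(pattern: bytes, malicious, benign):
    """Return (detection rate, false-positive rate) for a plain content match."""
    tp = sum(pattern in p for p in malicious) / len(malicious)
    fp = sum(pattern in p for p in benign) / len(benign)
    return tp, fp

def triage(pattern, malicious, benign, max_fp=0.0, min_tp=0.9):
    """Gate a candidate: reject noisy or weak ones, send the rest to a person."""
    if not pattern:
        return "reject: empty pattern"
    tp, fp = score(pattern, malicious, benign)
    if fp > max_fp:
        return "reject: matches benign traffic"
    if tp < min_tp:
        return "reject: misses flagged traffic"
    return "analyst review (alert only)"  # never auto-block on the score alone

def to_rule(pattern: bytes, sid: int) -> str:
    """Render as a Snort content rule; every byte is hex-escaped inside |...|."""
    hexed = " ".join(f"{b:02X}" for b in pattern)
    return (f'alert tcp any any -> any any (msg:"candidate {sid}"; '
            f'content:"|{hexed}|"; sid:{sid}; rev:1;)')
```

On this data the learner's pick is the shared HTTP header block, which also matches two of the three benign requests and is rejected, while the shorter `cmd=zz9` token passes the gate and goes to review.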
