IDS mailing list archives
Re: snort signature analysis tools
From: Martin Roesch <roesch () sourcefire com>
Date: Fri, 7 Jan 2005 09:47:42 -0500
What do you mean by overlaps/collisions? Rules that cover the same attack, duplicates, rules that will "cover" other rules and prevent them from firing?
On Jan 4, 2005, at 1:16 PM, Scott Kelly wrote:
Does anyone know of any tools to analyze a batch of snort signatures foroverlaps/collisions?----------------------------------------------------------------------- ---Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708to learn more.----------------------------------------------------------------------- ---
-- Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616 Sourcefire - Discover. Determine. Defend. roesch () sourcefire com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Current thread:
- snort signature analysis tools Scott Kelly (Jan 06)
- Re: snort signature analysis tools Martin Roesch (Jan 08)
- <Possible follow-ups>
- RE: snort signature analysis tools Scott Kelly (Jan 10)
- Re: snort signature analysis tools Martin Roesch (Jan 12)
- RE: snort signature analysis tools Hazel, Scott A. (Jan 17)
- Re: snort signature analysis tools Chris Green (Jan 19)
- Re: snort signature analysis tools Jose Nazario (Jan 20)
- Re: snort signature analysis tools Chris Green (Jan 19)