RE: Customization of rules

[Russell Fulton <R.FULTON () auckland ac nz>]

> Message: 14
> From: Chip Kelly <Chip.Kelly () sas com>
> To: "'snort-users () lists sourceforge net'"
>        <snort-users () lists sourceforge net>
> Date: Fri, 1 Feb 2002 09:36:20 -0500 
> Subject: [Snort-users] Customization of rules
>
> I'm just getting comfortable with the changes that I've made to the rules that
>  are supplied with 1.8.3. Most of the changes are localized in local.rules, but 
> I have also made changes to the way some of the other rules work in order to 
> reduce false positives in my environment. My question - how do I preserve the 
> customized rules in files other than local.rules when I update my rule sets 
> either from an update to snort or simply an update to my rules files? I'm 
> not looking forward to handling each customization individually. -chip

I have the same problem.  What I have done so far is to write a perl script
which takes a list of SIDs comments the rules out.  I want to extend this to
cover simple modifications, eg added options, changed targets etc but have not
had time to do so.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users