Snort mailing list archives
RE: Bleeding Snort rules and Sourcefire Official rules
From: "Rowland, Krisa W ERDC-ITL-MS Contractor" <Krisa.W.Rowland () erdc usace army mil>
Date: Tue, 25 Oct 2005 15:11:39 -0500
HinSuk,

I run both sets of rules. I do not find too much overlap - usually when one is turned into an "official" rule, they pull it out of the bleeding set pretty quickly.

Krisa

________________________________
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of hchlai () netscape net
Sent: Tuesday, October 25, 2005 3:06 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Bleeding Snort rules and Sourcefire Official rules

Hi Snorters,

How do Bleeding Snort rules compare to Sourcefire Official rules in terms of accuracy in detecting intrusion attempts? Which set of rules is more practical to implement in a corporate environment?

I'm thinking of implementing both sets of rules, but I am afraid of running into many overlapping alerts. Has anybody tried this before? What is the result like?

Many thanks!

HinSuk