Snort mailing list archives

RE: Bleeding Snort rules and Sourcefire Official rules


From: "Rowland, Krisa W ERDC-ITL-MS Contractor" <Krisa.W.Rowland () erdc usace army mil>
Date: Tue, 25 Oct 2005 15:11:39 -0500

HinSuk,

 

I run both sets of rules.  I do not find too much overlap - usually when one
is turned into an "official" rule - then they pull it out of the bleeding set
pretty quickly.  

 

Krisa

 

________________________________

From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of
hchlai () netscape net
Sent: Tuesday, October 25, 2005 3:06 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Bleeding Snort rules and Sourcefire Official rules

 

Hi Snorters,

 

How do Bleeding Snort rules compare to Sourcefire Official rules in terms of
accuracy in detecting intrusion attempts? Which set of rules is more
practical to implement in a corporate environment? I'm thinking of
implementing both sets of rules but I am afraid of running into many overlapping
alerts. Has anybody tried this before? What is the result like?

 

Many thanks!

 

HinSuk

 
