Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: dynamicdetection rules

From: "Nerijus Krukauskas" <nkrukauskas () gmail com>
Date: Fri, 15 Feb 2008 14:38:38 +0200
On 14/02/2008, Richard Bejtlich <taosecurity () gmail com> wrote:

Nerijus Krukauskas wrote:


How do I enable dynamicdetection rules?


I wrote a whole Snort Report

http://searchsecuritychannel.techtarget.com/tips/index/0,289482,sid97_tax307691,00.html

on this topic. Specifically,

http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1299181,00.html

Please see if it answers your question.

Sincerely,

Richard


  Thanks a lot. The part I was missing: all entries in so_rules/*rules
were commented out. As soon as I added them into snort config w/o
comments they were loaded and started to generate alerts.
  A very good article, Richard. Thanks again.

--
http://nk99.org/

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: