Snort mailing list archives
Re: Is the reputation preprocessor still experimental?
From: "Guillaume Daleux" <guillaume.daleux () abovesecurity com>
Date: Fri, 15 Jun 2012 08:53:15 -0400
Hello, For information, we use it for two months in a preproduction environment and it works very well. We have only one problem with the react keyword which works in detection rules but not with reputation rule. preprocessor reputation: blacklist ip_reputation, scan_local config react: /usr/local/IDS/snort/snortIPS1/conf/block.html with rule : drop ( msg: "REPUTATION_EVENT_BLACKLIST"; sid: 1; gid: 136; rev: 1; react; ) Thanks you -----Original Message----- From: Joel Esler [mailto:jesler () sourcefire com] Sent: Thursday, June 14, 2012 5:39 PM To: Miguel Alvarez Cc: Snort Users Subject: Re: [Snort-users] Is the reputation preprocessor still experimental? On Jun 12, 2012, at 2:09 PM, Miguel Alvarez <miguellvrz9 () gmail com> wrote:
Hello, I was just looking at the README.reputation and it says that it is experimental and not to be used in production environments. Is that still the case?
It's still experimental, and there are more improvements to it in the next version of Snort, however, we need as many people to test it as possible. Thanks. Joel ------------------------------------------------------------------------ ------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Is the reputation preprocessor still experimental? Miguel Alvarez (Jun 14)
- Re: Is the reputation preprocessor still experimental? Joel Esler (Jun 14)
- Re: Is the reputation preprocessor still experimental? Guillaume Daleux (Jun 15)
- Re: Is the reputation preprocessor still experimental? Russ Combs (Jun 20)
- Re: Is the reputation preprocessor still experimental? Guillaume Daleux (Jun 15)
- Re: Is the reputation preprocessor still experimental? Joel Esler (Jun 14)