Snort mailing list archives
Feedback on rule testing
From: James Dickenson <jdickenson () gmail com>
Date: Fri, 20 Dec 2013 09:12:50 -0800
Hey snort users, I've been talking with some co-workers recently about our in house rule development and about ways we could possibly improve it. I was wondering if any of you on the snort user list could give us your experience in regards to the process of creating rule you use at where you work or that you submit to ET or VRT. How do you sanity check the rules before you push them to your sensors? Do you have a formal lifecycle process and what does that entail? Do you automate the process somewhat with scripting or software and if so how? Your suggestions and comments are much appreciated, v/r - James D.
------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Feedback on rule testing James Dickenson (Dec 20)
- Re: Feedback on rule testing Rob MacGregor (Dec 20)
- Re: Feedback on rule testing James Dickenson (Dec 20)
- Re: Feedback on rule testing Rob MacGregor (Dec 20)