Snort mailing list archives

Feedback on rule testing


From: James Dickenson <jdickenson () gmail com>
Date: Fri, 20 Dec 2013 09:12:50 -0800

Hey snort users,

I've been talking with some co-workers recently about our in-house rule
development and about ways we could possibly improve it.  I was wondering
if any of you on the snort user list could give us your experience in
regards to the process of creating rules you use where you work or that
you submit to ET or VRT.  How do you sanity check the rules before you push
them to your sensors?  Do you have a formal lifecycle process and what does
that entail?  Do you automate the process somewhat with scripting or
software and if so how?

Your suggestions and comments are much appreciated,

v/r

- James D.