Snort mailing list archives
Re: Snort 2.9.6 doesn't alert using subscribed VRT ruleset but with ETOpen
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Sat, 5 Apr 2014 14:54:33 +0000
Depends on what software and plugins you are using, doesn't it? It's all dependent on your network.

--
Joel Esler
Sent from my iPhone

On Apr 5, 2014, at 4:25, "ped () gmx it" <ped () gmx it> wrote:

Thanks Joel,

the issue was with the disabled rule. Once I enabled it, Snort started to alert using VRT ruleset.

I know the selection of ruleset is subjective to the environment, is there any best practice for a set of rules that should be enabled when you want to monitor a single Internet facing webserver and ssh server?

Thanks,
Ped

On Sat, Apr 5, 2014 at 1:14 AM, Joel Esler (jesler) <jesler () cisco com> wrote:

Have you tried: https://github.com/vrtadmin/snort-faq/blob/master/FAQ/Im-not-receiving-alerts-in-Snort.md

Rule 2100498 is a copy of the VRT rule sid:498. It’s disabled by default in the ruleset, so you may have to enable it (notice that we don’t enable everything by default)

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
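The cause found in this thread (a rule that is present in the ruleset but shipped disabled, so it never alerts) can be checked before testing. The following is an added example, not part of the original messages or of Snort itself; it assumes one rule per line with disabled rules marked by a leading `#`, and the sample rules and the helper names `rule_states` and `check` are constructed for illustration.

```python
import re

# A rule line, optionally commented out (disabled) with one or more leading '#'.
RULE_RE = re.compile(
    r'^\s*(?P<off>#+\s*)?(?P<action>alert|log|pass|drop|reject|sdrop)\s.*\(.*\)\s*$')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'\bmsg\s*:\s*"([^"]*)"')

def rule_states(text):
    """Return {sid: (enabled, msg)} for every rule found in rules-file text."""
    states = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # blank line, plain comment, or non-rule directive
        sid = SID_RE.search(line)
        if not sid:
            continue  # rule-shaped line without a sid option
        msg = MSG_RE.search(line)
        enabled = m.group('off') is None
        states[int(sid.group(1))] = (enabled, msg.group(1) if msg else "")
    return states

def check(sids, text):
    """Map each requested sid to 'enabled', 'disabled' or 'missing'."""
    states = rule_states(text)
    result = {}
    for sid in sids:
        if sid not in states:
            result[sid] = "missing"
        else:
            result[sid] = "enabled" if states[sid][0] else "disabled"
    return result

# Constructed sample rules file (not real ruleset content).
SAMPLE = '''\
# Constructed sample for illustration only
# alert ip any any -> any any (msg:"sample disabled rule"; content:"uid=0"; sid:498; rev:1;)
alert tcp any any -> any 22 (msg:"sample enabled rule"; flow:to_server; sid:1000001; rev:1;)
'''

if __name__ == "__main__":
    # sid 498 and its copy 2100498 are the two ids named in the thread.
    for sid, state in check([498, 2100498, 1000001], SAMPLE).items():
        print(f"sid {sid}: {state}")
```

To check a real installation, pass the contents of each rules file that snort.conf includes to `check` in place of `SAMPLE`.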
Current thread:
- Re: Snort 2.9.6 doesn't alert using subscribed VRT ruleset but with ETOpen ped (Apr 05)
- Re: Snort 2.9.6 doesn't alert using subscribed VRT ruleset but with ETOpen Joel Esler (jesler) (Apr 05)