Snort mailing list archives

Default rule set


From: "Sallee, Jake" <Jake.Sallee () umhb edu>
Date: Fri, 16 May 2014 17:01:26 +0000

Hello All:

Does anyone have a recommendation for a default rule set?  I am tuning my snort instances and the information I am 
finding seems to be that I need to try to keep my rules under 7k.  The default ET rule set is ~15k if I am not 
mistaken, so I am looking for a good starting point.

If anyone could share any wisdom about disabling whole ranges and/or categories I would very much appreciate it, also 
if anyone has a standard list of entries to put in my disablesid.conf as a good starting point I would be very grateful.

If it helps, I work for a small private university with a sizeable resident population of students that I am 
essentially an ISP for and also have the standard office/corporate environment for my faculty/staff users too.  Oh, and 
I have a full BYOD network on both the student and faculty/staff networks ... so, yeah ... I don't sleep at night.

Thank you in advance for any assistance you may be able to offer.

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU

900 College St.
Belton, Texas
76513

Fone: 254-295-4658
Phax: 254-295-4221
