Snort mailing list archives

Re: Security Ruleset - CVSS Level


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 11 Jan 2016 20:42:05 +0000

Vaughn,

It appears we've isolated the issue.  It will be fixed shortly.  Thank you for bringing this to our attention.

--
Joel Esler
Manager, Talos Group
Sent from my iPhone

On Jan 9, 2016, at 8:40 PM, Joel Esler (jesler) <jesler () cisco com> wrote:

Vaughn,

Thanks for writing in.

So, there could be a couple things going on here, and I may have to get with the Meraki team to diagnose the problem.

First off, if we take a look at the ruleset:
https://www.snort.org/advisories/talos-rules-2016-01-07

You can see the "enabled"/"disabled" state of the ruleset as shipped.  Now, that means "Balanced".  So if it's on in 
Balanced, it's on in Security, as the more stringent rulesets also contain the lighter rulesets' states, and sometimes 
make them "harsher".

That all being said, the Meraki device is a unique type of appliance.  You select the policy you want to run, and the 
system takes care of it for you.

So, there are a couple of things we'll have to diagnose here, none of which you need to do.  I'll coordinate with 
the Meraki team to figure out what needs to be done.  Off the top of my head, it could be several things.

I'll follow up once I touch base with them.

Sent from my iPad

On Jan 9, 2016, at 8:34 PM, Vaughn A. Hart <vaughn () aegisitnyc com> wrote:

Hi Folks,

I am confused about the Security ruleset setting in Snort. I am using a third-party vendor (Cisco Meraki) and it seems 
that they haven't released a Security/Snort ruleset update to their MX security appliances because there have been no 
matching Snort signature releases that meet the Security ruleset CVSS criteria. This seems confusing to me, as there 
have been Microsoft, Adobe and Apple Snort signatures since the 4th of December 2015 with a CVSS of 6 and higher. 
Or am I mistaken?

If anyone is running the Security ruleset in Snort (standalone), have you gotten an update? And can someone explain 
this to me, because what I see from US-CERT and the Talos releases seems to indicate that there should be an update.

Thanks!

--

-V
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!