Snort mailing list archives

Re: Snort rules Commented


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Tue, 17 May 2016 23:50:12 +0000

Take a look at the policies specified in the “metadata” section of the rule.  What rules make it into those policies is outlined in the article below.

--
Joel Esler
Manager, Talos Group




On May 17, 2016, at 4:03 PM, Asad, Hafiz ul <Hafiz-ul.Asad () city ac uk> wrote:

As far as I've understood, it's a rule of thumb and is decided by the user.

asad
________________________________
From: João Soares <joaops () dei uc pt>
Sent: Tuesday, May 17, 2016 7:41:53 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort rules Commented

Greetings,

This is also a question I've had for some time.

This FAQ tries to answer to that question: https://www.snort.org/faq/why-are-rules-commented-out-by-default

However, I'm not sure I understood what they mean by policies. Is it something configurable, or purely theoretical 
policies in which we decide what is better for our environment?


On 05/17/2016 03:55 PM, Asad, Hafiz ul wrote:
Hi Snort users,

I have been using Snort for the last couple of months. I have been trying to do some evasion tests but was not getting 
any alerts. Then I realized that most of the rules in the “snort.rules” file (which I downloaded using pulledpork) were 
commented out. After uncommenting all the rules, I am now getting alerts for different evasion tests. Is this the right 
approach to use Snort with registered and community rules?


asad


Hafiz ul Asad
Research Assistant
Center for Software Reliability
School of Mathematics,  Computer Science & Engineering
City University London, EC1V 0HB London
Tel : +44 (0) 20 7040 8422



------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


--
João Soares

SIC - Serviço de Informática e Comunicações
https://helpdesk.dei.uc.pt
Department of Informatics Engineering
Faculty of Science and Technology
University of Coimbra



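To make concrete what Joel's reply means by policies in the rule's “metadata” section, here is an added example that is not part of this thread and is not pulledpork's or the Snort project's code. It reads a small constructed snort.rules excerpt (the sids, messages and content strings are made up for the example) and enables only the rules whose metadata tags them for a chosen policy, which is the selection pulledpork performs for you when `ips_policy` is set in pulledpork.conf. The policy names connectivity-ips, balanced-ips and security-ips are the ones the registered rule packs use; everything else here (function names, the sample rules) is the example's own.

```python
import re

# Constructed excerpt of a snort.rules file in Snort 2.x syntax. The sids,
# messages and content strings are made up for this example; only the
# "metadata:policy <name>-ips <action>" convention mirrors what the
# registered/community rule packs carry. Three of the four rules ship
# commented out, exactly as the question in the thread describes.
SAMPLE_RULES = """\
# alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE balanced and security"; flow:to_server,established; content:"/example-a"; metadata:policy balanced-ips drop, policy security-ips drop; sid:9000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE security only"; flow:to_server,established; content:"/example-b"; metadata:policy security-ips drop; sid:9000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE in every policy"; flow:to_server,established; content:"/example-c"; metadata:policy connectivity-ips drop, policy balanced-ips drop, policy security-ips drop; sid:9000003; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE no policy metadata"; flow:to_server,established; content:"/example-d"; sid:9000004; rev:1;)
"""

# Rule header: action, protocol, src, sport, direction, dst, dport, then "(".
HEADER_RE = re.compile(
    r'^(alert|drop|log|pass|reject|sdrop)\s+\S+\s+\S+\s+\S+\s+(->|<>)\s+\S+\s+\S+\s+\(')
METADATA_RE = re.compile(r'metadata:([^;]*);')
SID_RE = re.compile(r'\bsid:(\d+);')


def split_comment(line):
    """Return (is_commented, body) with any leading '#' stripped from body."""
    s = line.strip()
    if s.startswith('#'):
        return True, s[1:].strip()
    return False, s


def is_rule(body):
    """True if body looks like a Snort rule (commented or not)."""
    return HEADER_RE.match(body) is not None


def rule_policies(body):
    """Parse the metadata option into {policy_name: action}, e.g.
    {'balanced-ips': 'drop', 'security-ips': 'drop'}; {} if untagged."""
    m = METADATA_RE.search(body)
    if not m:
        return {}
    policies = {}
    for item in m.group(1).split(','):
        parts = item.split()
        if len(parts) == 3 and parts[0] == 'policy':
            policies[parts[1]] = parts[2]
    return policies


def sid_of(body):
    m = SID_RE.search(body)
    return int(m.group(1)) if m else None


def apply_policy(rules_text, policy, ips_mode=False):
    """Enable exactly the rules whose metadata lists `policy` (for example
    'balanced-ips'); every other rule is written out commented, the state
    the rule pack ships in. With ips_mode=True the header action is replaced
    by the action the metadata names for that policy (normally 'drop'); in
    IDS mode the rule keeps its 'alert' action.
    Returns (new_rules_text, sorted list of enabled sids)."""
    out, enabled = [], []
    for line in rules_text.splitlines():
        commented, body = split_comment(line)
        if not is_rule(body):
            out.append(line)            # blank lines and plain comments pass through
            continue
        action = rule_policies(body).get(policy)
        if action is None:
            out.append('# ' + body)     # not tagged for this policy: stays disabled
            continue
        if ips_mode:
            body = action + body[len(body.split()[0]):]
        out.append(body)
        enabled.append(sid_of(body))
    return '\n'.join(out) + '\n', sorted(enabled)


def enable_all(rules_text):
    """Blindly uncomment every rule line (the 'uncomment everything' approach)."""
    out = []
    for line in rules_text.splitlines():
        commented, body = split_comment(line)
        out.append(body if is_rule(body) else line)
    return '\n'.join(out) + '\n'


def enabled_sids(rules_text):
    """Sids of rules that are active (not commented) in the given text."""
    return sorted(sid_of(body) for line in rules_text.splitlines()
                  for commented, body in [split_comment(line)]
                  if is_rule(body) and not commented)


if __name__ == '__main__':
    print('shipped          ', enabled_sids(SAMPLE_RULES))
    for pol in ('connectivity-ips', 'balanced-ips', 'security-ips'):
        print(pol.ljust(17), apply_policy(SAMPLE_RULES, pol)[1])
    print('uncomment all    ', enabled_sids(enable_all(SAMPLE_RULES)))
```

Running it shows the difference between the two approaches in the thread: selecting a policy enables only the rules Talos tagged for it (connectivity enables one of the four sample rules, balanced two, security three), while uncommenting everything also activates sid 9000004, which carries no policy metadata at all and so was never meant to be on in any of the shipped policies. The `ips_mode` switch exists because the metadata names an action per policy; an inline IPS deployment rewrites the header to that action, an IDS deployment leaves it as `alert`.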