Snort mailing list archives
Re: Snort vs Proofpoint Emerging Threats
From: Dave Killion <dave.killion () gmail com>
Date: Fri, 07 Oct 2016 15:15:27 +0000
> We will probably go with both to make sure we are covered.

And that's mostly what everyone is counting on you to do. There's a similar problem with "Cyber Threat Intelligence" feeds as well - no one knows what they don't know, so if there isn't overlap, should you get both??? It's a thing, for sure...

On Thu, Oct 6, 2016 at 10:47 AM Shawn Maggard <smaggard () watkins edu> wrote:
> Thank you all for your help. We will probably go with both to make sure we are covered.
>
> On Wed, Oct 5, 2016 at 6:07 PM, <wkitty42 () windstream net> wrote:
>> On 10/05/2016 06:10 PM, Joel Esler (jesler) wrote:
>>> I am sure there are plenty of people who would object to both sides of that argument.
>>
>> hahaha... i hear ya... i contemplated for over an hour on how to respond to that post O:)
>>
>>> Some of the rules overlap, most don’t.
>>
>> true...
>>
>>> You have to adjust the rulesets you are using by what your network is susceptible to.
>>
>> absolutely... you always have to tune the rules to one's network... there is no one-size-fits-all capability... personally speaking, we run both sets over here on a highly tuned setup... we don't break out the LART very much any more... these days, one of the noisiest are the MIRAI detection rules but they were noisy before we knew what it was ;)
>>
>>> Joel
>>>
>>> On Oct 5, 2016, at 5:50 PM, wkitty42 () windstream net wrote:
>>>> On 10/05/2016 10:36 AM, Shawn Maggard wrote:
>>>>> We are building our pfSense box, and are trying to decide on which set of Snort rules to purchase: Snort's Sourcefire VRT, Emerging Threats (from proofpoint), or both.
>>>>
>>>> ET's rules are front line stuff for catching new critters... Talos' rules are more for maintenance and protection... FWIW: Sourcefire VRT is now known as Talos...
>>>>
>>>> --
>>>> NOTE: No off-list assistance is given without prior approval.
>>>> *Please keep mailing list traffic on the list* unless private contact is specifically requested and granted.
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort vs Proofpoint Emerging Threats Shawn Maggard (Oct 05)
- Re: Snort vs Proofpoint Emerging Threats wkitty42 (Oct 05)
- Re: Snort vs Proofpoint Emerging Threats Joel Esler (jesler) (Oct 05)
- Re: Snort vs Proofpoint Emerging Threats wkitty42 (Oct 05)
- Re: Snort vs Proofpoint Emerging Threats Shawn Maggard (Oct 06)
- Re: Snort vs Proofpoint Emerging Threats Dave Killion (Oct 07)
- Re: Snort vs Proofpoint Emerging Threats Joel Esler (jesler) (Oct 05)
- Re: Snort vs Proofpoint Emerging Threats wkitty42 (Oct 05)