Snort mailing list archives

Re: Snort vs Proofpoint Emerging Threats


From: Dave Killion <dave.killion () gmail com>
Date: Fri, 07 Oct 2016 15:15:27 +0000

We will probably go with both to make sure we are covered.

And that's mostly what everyone is counting on you to do.

There's a similar problem with "Cyber Threat Intelligence" feeds as well -
no one knows what they don't know, so if there isn't overlap, should you
get both???

It's a thing, for sure...

On Thu, Oct 6, 2016 at 10:47 AM Shawn Maggard <smaggard () watkins edu> wrote:

Thank you all for your help. We will probably go with both to make sure we
are covered.

On Wed, Oct 5, 2016 at 6:07 PM, <wkitty42 () windstream net> wrote:

On 10/05/2016 06:10 PM, Joel Esler (jesler) wrote:
I am sure there are plenty of people who would object to both sides of
that argument.

hahaha... i hear ya... i contemplated for over an hour on how to respond to
that post O:)

Some of the rules overlap, most don’t.

true...

You have to adjust the rulesets you are using by what your network is
susceptible to.

absolutely... you always have to tune the rules to one's network... there is
no one-size-fits-all capability... personally speaking, we run both sets over
here on a highly tuned setup... we don't break out the LART very much any
more... these days, one of the noisiest are the MIRAI detection rules but they
were noisy before we knew what it was ;)


Joel


On Oct 5, 2016, at 5:50 PM, wkitty42 () windstream net wrote:

On 10/05/2016 10:36 AM, Shawn Maggard wrote:
We are building our pfSense box, and are trying to decide on which set of
Snort rules to purchase: Snort's Sourcefire VRT, Emerging Threats (from
proofpoint), or both.

ET's rules are front line stuff for catching new critters...

Talos' rules are more for maintenance and protection...

FWIW: Sourcefire VRT is now known as Talos...


--
 NOTE: No off-list assistance is given without prior approval.
       *Please keep mailing list traffic on the list* unless
       private contact is specifically requested and granted.


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

