Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Outdated rules

From: Frank Beer via Snort-sigs <snort-sigs () lists snort org>
Date: Thu, 24 Aug 2017 14:37:52 +0000 (UTC)
Dear Snort-Team,

as new Snort user, I recently had a discussion with colleagues about the roll-out process of rules in Snort without 
clear result. Therefore I'm writing you hoping for concrete answers: Suppose we have an active Snort rule in place 
covering a reported exploit. What happens with the rule in upcoming rule set releases if it is quite certain that the 
exploit cannot reoccur again for some reason (e.g. the exploit simply was fixed or system environment where the exploit 
can take action becomes obsolete)? I'm asking that, because we are afraid of potential false alarms caused by such 
rules in our system environment?

Best regards 
Jason

 

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Previous By Date Next
Previous By Thread Next

Current thread: