Snort mailing list archives

Mapping rules to policies


From: Joseph Roscioli via Snort-users <snort-users () lists snort org>
Date: Thu, 28 Sep 2017 10:19:15 -0400

Hello,

I am new to SNORT. I plan to run SNORT as an IDS. I downloaded the
Registered rules set. I noticed that many of the rules are commented out.
The FAQ "Why are rules commented out by default?" referred to policies:

"There are five states that we place rules in when we create them, four of
the states are assigned to policies.
- Connectivity over Security (Connectivity) - Either in “alert” or “drop”
- Balanced (Balanced) - Either in “alert” or “drop”
- Security over Connectivity (Security) - Either in “alert” or “drop”"

My question is: How do I know which policy a given rule is in? The FAQ
answer contains "when you aren’t using the policies".
I did not see any mention of policies in the User Manual.

I assume that the uncommented rules are those considered in the "balanced"
state or policy.

Thanks in advance for your help.

Joe