Snort mailing list archives
Re: Mapping rules to policies
From: wkitty42 () windstream net
Date: Thu, 28 Sep 2017 12:28:46 -0400
On 09/28/2017 10:19 AM, Joseph Roscioli via Snort-users wrote:
"There are five states that we place rules in when we create them, four of the states are assigned to policies. - Connectivity over Security (Connectivity) - Either in “alert” or “drop” - Balanced (Balanced) - Either in “alert” or “drop” - Security over Connectivity (Security) - Either in “alert” or “drop”"My question is : How do I know which policy a given rule is in? The FAQ answer contains "when you aren’t using the policies".I did not see any mention of policies in the User Manual.
look at the rules and you'll see a "meta" keyword... it will list the policies a rule is assigned to... not all rules will carry this information, though...
-- NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list unless* *a signed and pre-paid contract is in effect with us.* _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Mapping rules to policies Joseph Roscioli via Snort-users (Sep 28)
- Re: Mapping rules to policies wkitty42 (Sep 28)