Snort mailing list archives

Re: Disabled Rules


From: "Joel Esler (jesler) via Snort-users" <snort-users () lists snort org>
Date: Tue, 3 Oct 2017 12:51:41 +0000

On Oct 3, 2017, at 7:11 AM, Sam Hodgson <sam.hodgson () perfect-image co uk> wrote:

I have not disabled any rules, I'm using pulledpork for rule config and there is nothing set in disablesid.conf.  Is 
this normal to have the majority of rules disabled by default?

It depends on what policy you have set in the pulledpork.conf file.  Please check to see if you are running security, 
balanced, or connectivity.  I believe, by default, pulledpork uses balanced.  You can adjust this policy to security if 
you want to have more rules on by default.

--
Joel Esler
Manager
Talos Group
http://www.talosintelligence.com
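
Added example, not part of the original message and not PulledPork's own code: a Python sketch that reads a rules file and reports how many rules are enabled as shipped and how many are tagged for each policy, so you can see how the policy choice changes the enabled set. It assumes one rule per line, disabled rules prefixed with `#`, and policy tags of the form `metadata:policy <name>-ips <action>`; the sample rules and the helper names are constructed.

```python
import re
from collections import Counter

# Constructed sample in Snort rule-file format (not real rule content).
# A leading "# " before the action means the rule ships disabled.
SAMPLE_RULES = """\
# Comment line that is not a rule
alert tcp any any -> any 80 (msg:"constructed A"; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop; sid:1000001; rev:1;)
# alert tcp any any -> any 80 (msg:"constructed B"; metadata:policy security-ips drop, service http; sid:1000002; rev:1;)
alert tcp any any -> any 25 (msg:"constructed C"; metadata:policy balanced-ips alert, policy security-ips drop; sid:1000003; rev:2;)
# alert udp any any -> any 53 (msg:"constructed D"; sid:1000004; rev:1;)
"""

RULE_RE = re.compile(r"^(?P<off>#\s*)?(?:alert|drop|log|pass|reject|sdrop)\s.*\(.*\)\s*$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
META_RE = re.compile(r"\bmetadata\s*:\s*([^;]*);")
POLICY_RE = re.compile(r"\bpolicy\s+([\w-]+)-ips\s+(\w+)")

def parse_rules(text):
    """Yield (sid, enabled_in_file, {policy: action}) for each rule line."""
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        sid = SID_RE.search(line)
        if not m or not sid:
            continue  # plain comment or blank line, not a rule
        policies = {}
        for meta in META_RE.findall(line):
            policies.update(POLICY_RE.findall(meta))
        yield int(sid.group(1)), m.group("off") is None, policies

def summarize(text):
    """Count rules enabled as shipped and rules tagged for each policy."""
    rules = list(parse_rules(text))
    per_policy = Counter(p for _, _, pols in rules for p in pols)
    return {
        "total": len(rules),
        "enabled_in_file": sum(1 for _, on, _ in rules if on),
        "per_policy": dict(per_policy),
        "untagged": [sid for sid, _, pols in rules if not pols],
    }

if __name__ == "__main__":
    s = summarize(SAMPLE_RULES)
    print(f"{s['enabled_in_file']}/{s['total']} rules enabled as shipped")
    for name, n in sorted(s["per_policy"].items()):
        print(f"  tagged for {name}: {n}")
    print("  no policy tag (sids):", s["untagged"])
```

To run it against your own ruleset, pass the contents of the generated rules file to `summarize()` in place of `SAMPLE_RULES`.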
