Snort mailing list archives
Rule set comparison
From: Joseph Roscioli via Snort-users <snort-users () lists snort org>
Date: Tue, 3 Oct 2017 11:47:44 -0400
Hello,

I'm new to SNORT. I want to establish a good rule set base. I have downloaded and installed the latest Registered rule set. I also downloaded the rules from GitHub.

Comparing the two sets I have found that although the Registered set has newer copyright notices, some of the rule files from GitHub have more rules. For instance the icmp.rules file in the Registered set is empty, whereas the one from GitHub has several uncommented rules that seem general enough for most networks.

So my question: Is there a general reason why, for instance, the icmp rules are not part of the Registered set?

Thanks in advance for your help.

Joe