Snort mailing list archives
Re: Rule set comparison
From: "Joel Esler \(jesler\) via Snort-users" <snort-users () lists snort org>
Date: Tue, 3 Oct 2017 17:21:09 +0000
On Oct 3, 2017, at 11:47 AM, Joseph Roscioli via Snort-users <snort-users () lists snort org> wrote:

> Hello, I'm new to SNORT. I want to establish a good rule set base. I have downloaded and installed the latest Registered rule set. I also downloaded the rules from GitHub.
>
> Comparing the two sets, I have found that although the Registered set has newer copyright notices, some of the rule files from GitHub have more rules. For instance, the icmp.rules file in the Registered set is empty, whereas the one from GitHub has several uncommented rules that seem general enough for most networks.
>
> So my question: is there a general reason why, for instance, the icmp rules are not part of the Registered set?

So first things first. Where are you seeing these "GitHub" rules? Anything in GitHub is non-official from us and should be removed.

That being said, ICMP rules still exist. They are in the "PROTOCOL-ICMP" category now.

--
Joel Esler
Manager
Talos Group
http://www.talosintelligence.com
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
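The thread above turns on a comparison made file by file (icmp.rules empty in one set, populated in the other), when the rules had in fact moved to a different category file. Comparing by SID across the whole set shows that directly. The script below is an added example, not code from the Snort project or from anyone in this thread: it parses Snort 2 style rule lines, treats a `#`-prefixed line as a disabled rule only when the text after the `#` is itself a rule, merges each set's files into one SID-keyed table, and reports SIDs that are missing from one side, that moved between files, or that differ in rev or enabled state. The two rule sets embedded in it are constructed sample data with SIDs in the local 1000000+ range and are not real Snort rules; the file names are placeholders.

```python
import re

# Rule actions that can start a Snort 2 rule line.
ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop")
RULE_START = re.compile(r"^(?:" + "|".join(ACTIONS) + r")\s")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')


def parse_rule_file(name, text):
    """Parse one rule file into {sid: {"rev", "msg", "enabled", "file"}}.

    A line starting with '#' counts as a disabled rule only if the text after
    the '#' is itself a rule; ordinary comments are skipped.
    """
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        enabled = True
        if line.startswith("#"):
            line = line.lstrip("#").strip()
            if not RULE_START.match(line):
                continue
            enabled = False
        elif not RULE_START.match(line):
            continue
        sid_m = SID_RE.search(line)
        if not sid_m:
            continue  # a rule without a sid is malformed; ignore it
        rev_m = REV_RE.search(line)
        msg_m = MSG_RE.search(line)
        rules[int(sid_m.group(1))] = {
            "rev": int(rev_m.group(1)) if rev_m else 0,
            "msg": msg_m.group(1) if msg_m else "",
            "enabled": enabled,
            "file": name,
        }
    return rules


def load_rule_set(files):
    """Merge {filename: contents} for one rule set into a single sid-keyed dict."""
    merged = {}
    for name, text in files.items():
        merged.update(parse_rule_file(name, text))
    return merged


def compare_rule_sets(a, b):
    """Compare two sid-keyed rule sets, independent of which file a rule lives in."""
    sids_a, sids_b = set(a), set(b)
    common = sids_a & sids_b
    return {
        "only_in_a": sorted(sids_a - sids_b),
        "only_in_b": sorted(sids_b - sids_a),
        "moved": sorted(s for s in common if a[s]["file"] != b[s]["file"]),
        "rev_differs": sorted(s for s in common if a[s]["rev"] != b[s]["rev"]),
        "enabled_differs": sorted(s for s in common if a[s]["enabled"] != b[s]["enabled"]),
    }


# Constructed sample data: not real Snort rules, local-range SIDs, placeholder file names.
SET_A_FILES = {
    "icmp.rules": (
        'alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP sample echo"; itype:8; sid:1000001; rev:1;)\n'
        '# alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP sample disabled"; itype:13; sid:1000002; rev:1;)\n'
        "# this is an ordinary comment, not a rule\n"
    ),
    "protocol-icmp.rules": "",
}
SET_B_FILES = {
    "icmp.rules": "",  # empty, as described in the question above
    "protocol-icmp.rules": (
        'alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"PROTOCOL-ICMP sample echo"; itype:8; sid:1000001; rev:2;)\n'
        'alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"PROTOCOL-ICMP sample disabled"; itype:13; sid:1000002; rev:1;)\n'
        'alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"PROTOCOL-ICMP sample new"; itype:3; sid:1000003; rev:1;)\n'
    ),
}


def demo():
    """Compare the two constructed sets and return the report dict."""
    return compare_rule_sets(load_rule_set(SET_A_FILES), load_rule_set(SET_B_FILES))


if __name__ == "__main__":
    for key, sids in demo().items():
        print(f"{key}: {sids}")
```

On the constructed data, nothing is "only in A": both ICMP SIDs are present in set B, just under protocol-icmp.rules instead of icmp.rules, which is what the per-file comparison in the question misses. To run this against real rule directories, replace the two dicts with `{path.name: path.read_text()}` built from `pathlib.Path(dir).glob("*.rules")`.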