Snort mailing list archives

Re: Rule set comparison


From: "Joel Esler \(jesler\) via Snort-users" <snort-users () lists snort org>
Date: Tue, 3 Oct 2017 17:21:09 +0000

On Oct 3, 2017, at 11:47 AM, Joseph Roscioli via Snort-users <snort-users () lists snort org<mailto:snort-users () lists snort org>> wrote:

Hello,

I'm new to SNORT. I want to establish a good rule set base. I have downloaded and installed the latest Registered rule set. I also downloaded the rules from GitHub.

Comparing the two sets I have found that although the Registered set has newer copyright notices, some of the rule files from GitHub have more rules. For instance the icmp.rules file in the Registered set is empty, whereas the one from GitHub has several uncommented rules that seem general enough for most networks.

So my question: Is there a general reason why, for instance, the icmp rules are not part of the Registered set?


So first things first. Where are you seeing these "Github" rules? Anything in Github is non-official from us and should be removed.

That being said, icmp rules still exist. They are in the "PROTOCOL-ICMP" category now.

--
Joel Esler
Manager
Talos Group
http://www.talosintelligence.com
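The comparison Joseph describes (counting rules per file and noticing that icmp.rules is empty in one set) is easier to reason about if you key it on sid rather than on file name, because Talos moved rules between category files (icmp.rules to protocol-icmp.rules, as Joel notes) without changing their sids. The script below is an added example written for this page; it is not code from the thread, from Snort or from Talos. It parses Snort 2 rule syntax, treats `# alert ...` lines as disabled rules rather than comments, and reports which sids are unique to one set, which moved files, which changed rev, and which flipped between enabled and disabled. The two rule sets embedded in it are constructed samples with made-up sids in the local range; on a real system you would read the `*.rules` files of each tarball into the same `{filename: text}` dictionaries.

```python
"""Compare two Snort rule sets by sid (added example, not Snort/Talos code)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Snort 2 rule: [#] action proto src sport dir dst dport ( options )
# A leading '#' means the rule ships disabled. The lazy header group
# stops at the first '(', the greedy options group runs to the last ')',
# so a msg containing parentheses still parses.
RULE_RE = re.compile(
    r"^\s*(?P<off>#\s*)?(?P<action>alert|log|pass|drop|reject|sdrop)\s+"
    r"(?P<proto>\S+)\s+(?P<hdr>.*?)\((?P<opts>.*)\)\s*$"
)
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")
MSG_RE = re.compile(r'\bmsg\s*:\s*"([^"]*)"')


@dataclass
class Rule:
    sid: int
    rev: int
    proto: str
    msg: str
    enabled: bool
    file: str


def parse_rules(text: str, filename: str) -> List[Rule]:
    """Parse one rule file; skip blanks, plain comments and lines without a sid."""
    rules: List[Rule] = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        sid = SID_RE.search(m.group("opts"))
        if not sid:
            continue
        rev = REV_RE.search(m.group("opts"))
        msg = MSG_RE.search(m.group("opts"))
        rules.append(Rule(
            sid=int(sid.group(1)),
            rev=int(rev.group(1)) if rev else 0,
            proto=m.group("proto").lower(),
            msg=msg.group(1) if msg else "",
            enabled=m.group("off") is None,
            file=filename,
        ))
    return rules


def index_ruleset(files: Dict[str, str]) -> Dict[int, Rule]:
    """Map sid -> Rule across every file of one rule set."""
    idx: Dict[int, Rule] = {}
    for name, text in files.items():
        for r in parse_rules(text, name):
            idx[r.sid] = r
    return idx


def compare(a: Dict[int, Rule], b: Dict[int, Rule]) -> Dict[str, object]:
    """Sid-level diff: presence, category file, rev and enabled state."""
    common = a.keys() & b.keys()
    return {
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
        "moved": sorted(s for s in common if a[s].file != b[s].file),
        "rev_changed": {s: (a[s].rev, b[s].rev)
                        for s in sorted(common) if a[s].rev != b[s].rev},
        "enabled_changed": sorted(s for s in common if a[s].enabled != b[s].enabled),
    }


def count_by_proto(idx: Dict[int, Rule], enabled_only: bool = True) -> Dict[str, int]:
    """Enabled rules per protocol, regardless of which file they live in."""
    counts: Dict[str, int] = {}
    for r in idx.values():
        if enabled_only and not r.enabled:
            continue
        counts[r.proto] = counts.get(r.proto, 0) + 1
    return counts


# Constructed samples (hypothetical sids, not real Talos rules).
GITHUB_SAMPLE = {
    "icmp.rules": """# constructed sample file
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP test ping"; itype:8; sid:1000001; rev:1;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP test oversized"; dsize:>1024; sid:1000002; rev:1;)
# alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP test disabled"; sid:1000003; rev:1;)
""",
}
REGISTERED_SAMPLE = {
    "icmp.rules": "",
    "protocol-icmp.rules": """alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP test ping"; itype:8; sid:1000001; rev:2;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP test disabled"; sid:1000003; rev:1;)
""",
}

if __name__ == "__main__":
    a, b = index_ruleset(GITHUB_SAMPLE), index_ruleset(REGISTERED_SAMPLE)
    print("enabled per proto:", count_by_proto(a), "vs", count_by_proto(b))
    for key, val in compare(a, b).items():
        print(f"{key}: {val}")
```

Run against the samples it shows the trap in a file-by-file count: both sets have two enabled icmp rules, but only because one sid is unique to the first set while another is disabled there and enabled in the second. A sid that appears in the unofficial set and nowhere in the registered tarball is exactly the kind of rule Joel is saying should be removed.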
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!