Snort mailing list archives
Re: Rules included in the VRT base policies
From: Y M via Snort-sigs <snort-sigs () lists snort org>
Date: Sun, 20 May 2018 21:21:56 +0000
I guess this is already done in the rules’ metadata field, within each rule. A category may contain rules that may or may not belong to a policy. The criteria in the page you referenced govern the policy placement, AFAIK.

Another way to figure this out would be using PulledPork. On the first run, choose the connectivity policy and dump the rules into a single file (snort.rules). On the second run, choose the balanced policy, and so on. You can keep each run’s rules separate for comparison's sake. At the end of each run, PulledPork will print out the stats. You should see the number of enabled rules increase as you expand the policy.

Here is additional documentation that may not be directly related to your question, but good to know.

http://blog.snort.org/2012/03/rule-category-reorganization.html
http://blog.snort.org/2012/08/rule-category-reorganization-phase-2.html
http://blog.snort.org/2012/10/rule-category-reorganization-phase-3.html

YM

________________________________
From: Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of Antonio Leding <tech () leding net>
Sent: Sunday, May 20, 2018 11:59:10 PM
To: mailer - snort; mailer - snort
Subject: [Snort-sigs] Rules included in the VRT base policies

Hello Snort community,

Is there any reference that describes what rules are contained in each of the 4 VRT policies? I did find a very brief discussion at:

https://www.snort.org/documents/215

however this is a very high-level discussion - nothing about specific rules...
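Added example (not part of the thread, and not PulledPork or Snort project code): a short Python script that reads the policy assignments from each rule's metadata option, the first approach mentioned in the reply above, and lists which SIDs each policy contains. The rules and SIDs are constructed sample input, and the `policy <name> <action>` metadata layout and the policy names are assumptions about the rule-file format, since the thread shows no rule text.

```python
import re

# Constructed sample (made-up SIDs and content). The metadata layout
# "policy <name> <action>, ..." and the policy names are assumptions;
# disabled rules are assumed to ship commented out with "# ".
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE A, sid:9\;"; content:"aaa"; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service http; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE B"; content:"bbb"; metadata:policy balanced-ips drop, policy security-ips drop, service http; sid:1000002; rev:2;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"EXAMPLE C"; content:"ccc"; metadata:policy security-ips alert; sid:1000003; rev:1;)
# alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"EXAMPLE D"; content:"ddd"; metadata:service dns; sid:1000004; rev:1;)
# This comment line is not a rule.
'''

ACTIONS = ("alert", "drop", "log", "pass", "reject", "sdrop")
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')  # quoted option values, escapes included


def policies_by_sid(text):
    """Map each rule's SID to {policy name: action} taken from its metadata."""
    index = {}
    for line in text.splitlines():
        body = line.lstrip("# \t")  # treat commented-out rules like active ones
        if not body.startswith(ACTIONS) or "(" not in body:
            continue
        # Blank out quoted strings so text inside msg/content cannot be
        # mistaken for a sid or metadata option.
        body = QUOTED.sub('""', body)
        sid = re.search(r'\bsid\s*:\s*(\d+)\s*;', body)
        if not sid:
            continue
        policies = {}
        for meta in re.finditer(r'\bmetadata\s*:\s*([^;]*);', body):
            for item in meta.group(1).split(","):
                words = item.split()
                if len(words) == 3 and words[0] == "policy":
                    policies[words[1]] = words[2]
        index[int(sid.group(1))] = policies
    return index


def sids_in_policy(index, policy):
    return sorted(sid for sid, pols in index.items() if policy in pols)


def added_between(index, smaller, larger):
    """SIDs present in the larger policy but not in the smaller one."""
    return sorted(set(sids_in_policy(index, larger)) - set(sids_in_policy(index, smaller)))


if __name__ == "__main__":
    idx = policies_by_sid(SAMPLE_RULES)
    for name in ("connectivity-ips", "balanced-ips", "security-ips"):
        print(name, len(sids_in_policy(idx, name)), sids_in_policy(idx, name))
```

Pointed at a real rules file instead of the sample string, the per-policy counts can be compared with the stats PulledPork prints at the end of each run.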
Current thread:
- Rules included in the VRT base policies Antonio Leding (May 20)
- Re: Rules included in the VRT base policies Y M via Snort-sigs (May 20)