Snort mailing list archives
how can improve detection of attack by snort 3
From: bz Os via Snort-users <snort-users () lists snort org>
Date: Wed, 30 May 2018 10:07:07 +0000
hello evry one i am using snort 3 as ids i loaded snort3 comunity rules and i uncommented all commented rules and i loaded this rules in the configuration file ,when i run snort 3957 rules are loaded . i run snort against a part on darpa dataset but as results i had only 3 detection ( "(http_Inspect)header line terminated by LF without a CR " and "(arp_spoof) unicast arp request " and "(ipv4)packet from reserved source address " in other hand i runed suricata against the same pcap file as rusults suricata detected a lot of attack , how can i add emerging threat to detect more attack by snort 3 or is there a method for improve the detection
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- how can improve detection of attack by snort 3 bz Os via Snort-users (May 30)
- Re: how can improve detection of attack by snort 3 Joel Esler (jesler) via Snort-users (May 30)
- Re: how can improve detection of attack by snort 3 bz Os via Snort-users (May 30)
- Re: how can improve detection of attack by snort 3 DFIRob via Snort-users (May 31)
- Re: how can improve detection of attack by snort 3 Joel Esler (jesler) via Snort-users (May 31)
- Re: how can improve detection of attack by snort 3 wkitty42 (May 31)
- Re: how can improve detection of attack by snort 3 bz Os via Snort-users (May 30)
- Re: how can improve detection of attack by snort 3 Joel Esler (jesler) via Snort-users (May 30)