Snort mailing list archives

Re: Snort.org Blog: Snort VRT Default Ruleset Rebalancing


From: Patrick Mullen <pmullen () sourcefire com>
Date: Wed, 8 Aug 2018 13:25:07 -0400

I am having a confusion regarding the CVSS score being used in snort VRT
ruleset.

As this article (https://lists.snort.org/pipermail/snort-sigs/2013-October/011538.html) describes,
"The main metric used is the CVSS score assigned to each vulnerability
that might be covered by a rule."

I am confused on what CVSS Metric Group is being considered here? Base,
Temporal or Environmental?


Delores,

We use the base score, as that is unchanging.  The temporal score
incorporates time and other considerations and environmental incorporates
items specific to a network that we are not privy to.

In reality, we use the CVSS score plus our own judgement to determine when
a rule should be included.  Generally speaking, we don't use judgement to
remove a rule from policy when it meets CVSS and age requirements, but we
certainly will add rules to policy that do not meet CVSS and/or age
requirements for a policy if we think it's important enough.


Thanks,

~Patrick