Snort mailing list archives
Re: Snort.org Blog: Snort VRT Default Ruleset Rebalancing
From: Patrick Mullen <pmullen () sourcefire com>
Date: Wed, 8 Aug 2018 13:25:07 -0400
> I am having a confusion regarding the CVSS score being used in snort VRT
> ruleset.
> As this article
> (https://lists.snort.org/pipermail/snort-sigs/2013-October/011538.html) describes,
> "The main metric used is the CVSS score assigned to each vulnerability
> that might be covered by a rule."
> I am confused on what CVSS Metric Group is being considered here? Base,
> Temporal or Environmental?

Delores,

We use the base score, as that is unchanging. The temporal score incorporates time and other considerations and environmental incorporates items specific to a network that we are not privy to.

In reality, we use the CVSS score plus our own judgement to determine when a rule should be included. Generally speaking, we don't use judgement to remove a rule from policy when it meets CVSS and age requirements, but we certainly will add rules to policy that do not meet CVSS and/or age requirements for a policy if we think it's important enough.

Thanks,

~Patrick
Current thread:
- Snort.org Blog: Snort VRT Default Ruleset Rebalancing Delores Black (Aug 07)
- Re: Snort.org Blog: Snort VRT Default Ruleset Rebalancing Patrick Mullen (Aug 08)