Snort mailing list archives
Re: Snort Rule management
From: Ian via Snort-sigs <snort-sigs () lists snort org>
Date: Mon, 06 Sep 2021 06:27:31 +0000
Hi Marc,

Aside from commenting/removing the rules out of your snort.conf file, I'm not sure there is any "better way". Keep in mind I am only familiar with Snort in lab environments; my team has not been able to use Snort in production.

This page is my go-to though; I would look through the manuals section near the bottom.

Snort.org Snort3 Resources

Hope that helps some. Take care.

-----------------------------------------------------------
Ian

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Sunday, September 5th, 2021 at 9:29 AM, Marc <marc () mirabilisllc com> wrote:

Hi,
What would be a good reference on managing (not writing) Snort3 Rules? Specifically, I am running Snort 3.1.6 with SO rules and Pulled Pork. I am having difficulty removing rules (e.g. a noisy ICMP rule). I am looking for a concise reference or alternately a tutorial on commenting out rules and recompiling them. I have tried commenting out the rule in pulledpork.rules and local.rules and restarting Snort, but that didn't do it. Thank you.
Regards,
Marc
Current thread:
- Snort Rule management Marc (Sep 05)
- Re: Snort Rule management Ian via Snort-sigs (Sep 06)
- Re: Snort Rule management Noah Dietrich (Sep 06)
- Re: Snort Rule management Marc (Sep 06)
- Re: Snort Rule management Noah Dietrich (Sep 06)
- Re: Snort Rule management Ian via Snort-sigs (Sep 06)