Re: Snort Rule management

[Ian via Snort-sigs <snort-sigs () lists snort org>]

Hi Marc,
Aside from commenting/removing the rules out of your snort.conf file I'm not sure there is any "better way". Keep in 
mind I am only familiar with Snort in lab environments, my team has not been able to use snort in production.

This page is my go-to though, I would look through the manuals section near the bottom. Snort.org Snort3 Resources

Hope that helps some. Take care.

-----------------------------------------------------------Ian

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Sunday, September 5th, 2021 at 9:29 AM, Marc <marc () mirabilisllc com> wrote:

> Hi,

> What would be a good reference on managing (not writing) Snort3 Rules?  Specifically, I am running Snort 3.1.6 with 
> SO rules and Pulled Pork.  I am having difficulty removing rules (e.g. a noisy ICMP rule ).  I am looking for a 
> concise reference or alternately a tutorial on commenting out rules and recompiling them.  I have tried commenting 
> out the rule in pulledpork.rules and local.rules and restarting Snort, but that didn’t do it.   Thank you.

> Regards,

> Marc

Attachment: publickey - hartescout@protonmail.com - 0x667ABB5F.asc
Description:

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!