Home page logo

snort logo Snort mailing list archives

Re: Fine tuning Snort
From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Fri, 8 Oct 2010 10:02:33 -0600

PulledPork has this functionality built in.. you can disable rules based on a PCRE.  I don't run McAfee VirusScan for 
instance, so I can disable all current and all future rules for it.  Also, it's currently being developed, unlike 

-----Original Message-----
From: Josh Little [mailto:josh () zombietango com] 
Sent: Friday, October 08, 2010 6:09 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Fine tuning Snort

I have a small tool written in Perl called Pigsty that will automate
finding any sigs in your enabled ruleset that match a pattern. The tool
will output a list of disablesid lines that you can then drop into your
oinkmaster.conf file or have the tool directly append the file. This
makes cleaning up your current rules much easier. You could probably
modify the oinkmaster perl script to run Pigsty just after the latests
sigs are downloaded and before the routine for commenting out disabled
sids completes.

Find it at http://zombietango.com/blog/tools/


Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]