Snort mailing list archives
Rules
From: Amit B <amn0p () me com>
Date: Mon, 26 Mar 2012 20:20:49 -0500
I am using Snort 2.9.2 and pulledpork to pull the latest paid subscription rulesets. I am just curious: with preprocessor
and decoder alerts disabled, I was wondering how many rulesets are actually active to alert me on security events.
Pulledpork gives the following stats:
Rule Stats....
New:-------134
Deleted:---3
Enabled Rules:----2803
Dropped Rules:----0
Disabled Rules:---9571
Total Rules:------12374
Done
I am guessing 2803 rules are actually enabled (rules and so rules combined). Please correct me if I am wrong.
So does Snort enable only priority rules and disable rules that were written to catch old/older attacks/issues/risks?
Just wondering how Snort prioritizes signatures in every release. Are these signatures enough to catch most common
anomalies or issues? Is the number comparable to what other vendors release?
Thanks,
Ams
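One way to check the enabled count independently of the summary, shown as an added example that is not part of the original post and is not PulledPork's own code: count rule lines in the generated rules file by state and by generator ID. It assumes Snort 2.x rule syntax, that disabled rules are commented out with '#', and that shared object stubs carry gid:3; the function names and sample rules are constructed for illustration.

```python
import re
from collections import Counter

# A Snort 2.x rule line: optional '#' (disabled), an action, then options with a sid.
RULE_RE = re.compile(
    r'^\s*(?P<off>#+\s*)?(?P<action>alert|log|pass|drop|sdrop|reject)\s+'
    r'.*\bsid\s*:\s*\d+\s*;')
GID_RE = re.compile(r'\bgid\s*:\s*(\d+)\s*;')
STAT_RE = re.compile(r'^\s*([A-Za-z ]+?):-+(\d+)\s*$')

def rule_stats(lines):
    """Count rules by state and generator: gid 1 (default) = text, gid 3 = so."""
    stats = Counter()
    for line in lines:
        m = RULE_RE.match(line)
        if not m:
            continue  # blank line, ordinary comment, or other non-rule text
        gid = GID_RE.search(line)
        kind = {"1": "text", "3": "so"}.get(gid.group(1) if gid else "1", "other")
        if m.group("off"):
            state = "disabled"
        elif m.group("action") in ("drop", "sdrop", "reject"):
            state = "dropped"  # grouping these three actions is this example's choice
        else:
            state = "enabled"
        stats[state] += 1
        stats[state + "_" + kind] += 1
        stats["total"] += 1
    return stats

def parse_summary(text):
    """Parse 'Label:----N' lines such as the Rule Stats block quoted in the post."""
    return {m.group(1): int(m.group(2))
            for m in map(STAT_RE.match, text.splitlines()) if m}

# Constructed sample rules for illustration, not taken from any real ruleset.
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE text rule"; content:"x"; sid:1000001; rev:1;)',
    '# alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"EXAMPLE disabled text rule"; sid:1000002; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"EXAMPLE so stub"; sid:1000003; gid:3; rev:1;)',
    '# alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"EXAMPLE disabled so stub"; sid:1000004; gid:3; rev:1;)',
    '#alert ( msg:"EXAMPLE disabled decoder rule"; sid:1; gid:116; rev:1;)',
]
# The four summary lines as quoted in the post.
POSTED = """Enabled Rules:----2803
Dropped Rules:----0
Disabled Rules:---9571
Total Rules:------12374"""

if __name__ == "__main__":
    print(dict(rule_stats(SAMPLE_RULES)), parse_summary(POSTED))
```

To run it against a real deployment, pass an open handle on the combined rules file that PulledPork writes to rule_stats(); the enabled_text and enabled_so keys then show how the enabled total splits between text rules and so rules.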
