[Oisf-users] Rules
Will Metcalf
william.metcalf at gmail.com
Mon Jun 21 12:09:02 UTC 2010
> What should we use as rules? Snort rules, ET rules, others? Or both?
I would say both, as they apply to your environment. For example, there
is probably no reason to run emerging-web_server.rules or other rules
files for protecting web-apps/servers if you are not running one. You
have to decide what events are important to you and enable the
corresponding rule-sets. From there you will
probably still get quite a few false positives, so you will need to
further refine your rule-sets to meet your environment.
> Are they the same? "Repeated"?
Sometimes there are overlaps, but most of the time there are not.
Each rule-set has its own respective strengths and weaknesses imho.
> How can I uninstall Suricata? (to try the 0.9.2 version)
If you were building from the git repo before, you don't really need
to uninstall anything; you can just overwrite your existing
installation by following ./configure && make && make install.
Regards,
Will
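The "refine your rule-sets to your environment" step above is usually done by disabling individual rules by SID or by pattern rather than by editing rule files by hand. The following is an added example, not code from the original post or from the Suricata project: a small Python refiner that comments out matching rules in Snort/Suricata rule text (the job that tools like suricata-update's disable.conf do today). The sample rules and their SIDs are constructed placeholders, not real ET or VRT rule ids.

```python
"""
Added example (not from the original post): a tiny rule-set refiner in the
spirit of the advice above. Given Suricata/Snort rule text and a list of SIDs
or regexes to suppress, it comments out matching rules so they no longer fire.
The sample rules below are constructed for illustration only.
"""
import re

# Matches the sid option inside a rule body, e.g. "sid:2010001;"
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample rules; the 9000xxx SIDs are placeholders, not real rule ids.
SAMPLE_RULES = """\
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE web agent"; content:"ExampleAgent"; http_header; sid:9000001; rev:1;)
# alert tcp any any -> any 22 (msg:"EXAMPLE already disabled"; sid:9000002; rev:1;)
alert dns any any -> any 53 (msg:"EXAMPLE noisy dns"; content:"|01 00 00 01|"; sid:9000003; rev:2;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"EXAMPLE smtp policy"; sid:9000004; rev:1;)
"""


def rule_sid(line):
    """Return the sid of a rule line as an int, or None if the line has none."""
    m = SID_RE.search(line)
    return int(m.group(1)) if m else None


def refine_rules(rule_text, disable_sids=(), disable_patterns=()):
    """
    Comment out rules whose sid is in disable_sids or whose text matches any
    regex in disable_patterns. Blank and already-commented lines pass through
    unchanged. Returns (new_text, list_of_disabled_sids) in file order.
    """
    disable_sids = set(disable_sids)
    patterns = [re.compile(p) for p in disable_patterns]
    out, disabled = [], []
    for line in rule_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            out.append(line)
            continue
        sid = rule_sid(line)
        hit = sid in disable_sids or any(p.search(line) for p in patterns)
        if hit:
            out.append("# " + line)  # keep the rule text, just disable it
            disabled.append(sid)
        else:
            out.append(line)
    return "\n".join(out) + "\n", disabled


def enabled_sids(rule_text):
    """SIDs of rules that are still active (not commented out)."""
    return [rule_sid(l) for l in rule_text.splitlines()
            if l.strip() and not l.strip().startswith("#")
            and rule_sid(l) is not None]


if __name__ == "__main__":
    # Disable one noisy rule by SID and one policy rule by msg pattern.
    text, gone = refine_rules(SAMPLE_RULES, disable_sids=[9000003],
                              disable_patterns=[r'msg:"EXAMPLE smtp'])
    print(text)
    print("disabled:", gone)
    print("still enabled:", enabled_sids(text))
```

Run it against a real rules file by reading the file into `refine_rules` and writing the returned text back out; keeping the disabled rules as comments (rather than deleting them) makes it easy to re-enable a rule once you have tuned the false positives it produced.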