[Oisf-users] Rules

Anas.B a.bouhsaina at gmail.com
Mon Jun 21 12:42:56 UTC 2010


Thanks WILL
what about PGP Signatures !!!

I'm writing a detailed report about installing Suricata in French,

You can check it after, and we'll publish it if you want


A.b.A

2010/6/21 Will Metcalf <william.metcalf at gmail.com>

> > What should we use as rules ? snort rules, ET rules, others ? or both ?
> I would say both as they apply to your environment.  For example there
> is probably no reason to run emerging-web_server.rules or other rules
> files for protecting web-apps/servers if you are not running one.  You
> have to decide what events are important to you and enable the
> corresponding rule-sets enabling these rules.  From there you will
> probably still get quite a few false positives, so you will need to
> further refine your rule-sets to meet your environment.
>
>
> > are they the same ? "repeated" ?
> Sometimes there are overlaps, but most of the time there are not.
> Each rule-set has its own respective strengths and weaknesses imho.
>
> > How can I uninstall Suricata ? (to try 0.9.2 v)
> If you were building from the git repo before, you don't really need
> to uninstall anything, you can just overwrite your existing
> installation following ./configure && make && make install.
>
> Regards,
>
> Will
>