[Oisf-users] Alternatives to ET Pro?

Victor Julien lists at inliniac.net
Tue Feb 9 16:11:41 UTC 2016


On 09-02-16 16:56, Jeremy MJ wrote:
> Have you looked at snort's paid rule set? Can't speak to quality
> recently, we haven't used it in a couple of years.

I can't comment on the quality of the TALOS set, but I can tell you its
status for Suricata is a bit unclear. As far as I know, the TALOS team
is not supporting Suricata. So I suspect performance (and even accuracy)
of this rule set on Suricata is going to be suboptimal.

On our side we do a bit of testing with it every now and then, but it
doesn't go much further than making sure the rules load w/o error (and
there are some open issues with that even).

I would love to work with some of the TALOS ppl on improving this
situation. (I know you guys are on the list :P)

With ET on the other hand, we do massive accuracy regression testing. We
have pcaps for virtually every ET rule, and the regression testing is
part of our CI system.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



