Awhile back here on this blog I wrote about PulledPork 0.3.4 being released and about the VRT making the "Connectivity, Balanced, and Security over Connectivity" policies. Also about how you can use PulledPork to automate the updating of your open source Snort rules to take advantage of these recommendations.
Around about the same time VRT put a post up entitled the "VRT Guide to IDS Ruleset Tuning". It was a good post, and I didn't really highlight it. They post some really great examples towards the bottom of the post. If you run a Snort installation and you've read some of my posts about Snort tuning, and "I've installed Snort, now what". This is a good read as well.
Check it out here.
Subscribe to:
Post Comments (Atom)
-
Without going off the deep-end here and discussing every single Snort rule keyword, I just wanted to touch on a few modifiers that people so... -
Let me start off by saying I'm not bashing the writer of this article, and I'm trying not to be super critical. I don't want to...
-
In my constant state of trying to make things a bit more efficient for myself. (I'm a big believer in automation, ask anyone that has e...
No comments:
Post a Comment