Monday, February 1

Snort Ruleset tuning, by the VRT

Awhile back here on this blog I wrote about PulledPork 0.3.4 being released and about the VRT making the "Connectivity, Balanced, and Security over Connectivity" policies.  Also about how you can use PulledPork to automate the updating of your open source Snort rules to take advantage of these recommendations.

Around about the same time VRT put a post up entitled the "VRT Guide to IDS Ruleset Tuning".  It was a good post, and I didn't really highlight it.  They post some really great examples towards the bottom of the post.  If you run a Snort installation and you've read some of my posts about Snort tuning, and "I've installed Snort, now what".  This is a good read as well.

Check it out here.

No comments: