Monday, February 1

Snort Ruleset tuning, by the VRT

Awhile back here on this blog I wrote about PulledPork 0.3.4 being released and about the VRT making the "Connectivity, Balanced, and Security over Connectivity" policies.  Also about how you can use PulledPork to automate the updating of your open source Snort rules to take advantage of these recommendations.

Around about the same time VRT put a post up entitled the "VRT Guide to IDS Ruleset Tuning".  It was a good post, and I didn't really highlight it.  They post some really great examples towards the bottom of the post.  If you run a Snort installation and you've read some of my posts about Snort tuning, and "I've installed Snort, now what".  This is a good read as well.

Check it out here.

No comments:

A shortcut to make a PDF out of a webpage and save it to

While on MacOS (and iOS) you can use the Share Sheet from Safari to share a webpage to Notes, it only shares the title, URL, and the favicon...