[Emerging-Sigs] Distribution Question for you
wkitty42 at windstream.net
Fri Oct 8 12:58:03 EDT 2010
On 10/8/2010 11:42, Matthew Jonkman wrote:
> We are about to make the new open ruleset available for general download. The beta testers have done a great job helping us out there in finding any remaining issues (Thanks to them all!!!)
> I have a question for everyone though. We brought in the old snort GPL rules (sid 3464 and prior) as well as the valuable rules from the community ruleset, and we converted them to the platforms we're supporting (2.4, 2.8.4, 2.8.6, suricata, and snort 2.9 shortly).
> Now, if you're using the VRT rules and adding in the ET open rules you'll have sid conflicts, since they also include some of the GPL sigs in the VRT set. So we OUGHT to just not include them in the ET open ruleset, but that only applies if you're using VRT.
i'd say that it looks like another set to be made available...
ET-Open_4VRT - the set to use as an add-on with the VRT set
ET-Open_!4VRT - the set that has everything to be used instead of the VRT set
now who will fail at knowing the '!' means "not"?? ;)
More information about the Emerging-sigs