[Emerging-Sigs] Rule question

Lay, James james.lay at wincofoods.com
Tue Oct 19 12:00:25 EDT 2010


I posted this in the snort-sigs group, and now I'm posting it here:

 

I guess there's something I do not understand as it relates to ET & VRT
rules.  As I understand it:

 

Snort VRT support 2.8.6.1 and 2.9.0

ET support 2.4-2.8.6

 

Is it just me or does this not make sense?  Why are ET rules even
bothering with unsupported versions of Snort, and not putting out rules
that are in line with supported versions of Snort?  I have to be
honest...from a home and business user, going from what used to be a
relatively easy rule management system, to what it is now has been
extremely time consuming and frustrating.  And, coming from someone who
has little knowledge of how the ET and VRT rulesets are
developed/maintained, I have to think that duplicate SID's seems to be
counterproductive.  I'll keep plodding along...thank you.

 

James  

 

 

James Lay

IT Security Analyst

WinCo Foods

208-672-2014 Office

208-559-1855 Cell

650 N Armstrong Pl.

Boise, Idaho 83704

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20101019/9dc178e9/attachment.html


More information about the Emerging-sigs mailing list