
Best Snort rules site




Posted by jalapeno55, 04-30-2008, 10:17 PM
Like the mod_security post... I doubt anyone is writing their own rules, so what do you think is the best site for Snort rules for a web server which are strong but also do not result in many false positives?

Posted by Scott.Mc, 04-30-2008, 11:39 PM
Without a doubt, bleedingthreats.net

Posted by Serverevo, 05-01-2008, 12:01 AM
Bleeding threats went away a while back, you now have to go to the new home emerging threats... The new one is run by the same guy who created bleeding (Matt Jonkman) and it is actively maintained unlike bleeding today. http://www.emergingthreats.net/

Posted by Scott.Mc, 05-01-2008, 12:33 AM
Which would explain why it hasn't been updated. Goes to show that I should follow the mailing lists more. Just wanted to say thanks for that, I wasn't even aware Matt had started emergingthreats afterwards. Even though I don't need to operate pretty much any new rules I have made a note, thanks.

Posted by jalapeno55, 05-01-2008, 10:59 PM
Thanks! Which rule sets do you use from there? It looks like I should use these 5: emerging-attack_response.rules, emerging-web.rules, emerging-web_sql_injection.rules, emerging-exploit.rules, emerging-attack_response.rules. Are there any others that you use? Do you use any of the Snort VRT rules in addition to those?


