Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 835 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

snort : astaro

simby
Hi!

What is the difernt betwen snort 30.000 rules and astaro 10.000 rules?

Why is 20.000 IPS rules missing?


This thread was automatically locked due to age.
  • 0
    You can find lists of the different snort rules used in Astaro at Index of /lists.
  • 0 in reply to Scott_Klassen
    I'm sorry, but unfortunately still do not know why it has 20,000 fewer rules in its database, compared with a publicly available database of Snort, which is used for IPS Astaro. Does this mean that we have less secure network with Astaro 8200?
  • 0
    Many of the rules in the community database version of snort have not been rigorously tested and can frequently cause false positives.  As well, there are many rules which don't work or have long ago been superseded.  Astaro is a commercial product, so must be more diligent about the rule sets that it uses, so as not to cause issues for its' paying business customers.

    This does not make it less secure, but more tuned for efficiency and usability.