Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 843 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

snort : astaro

simby
Hi!

What is the difernt betwen snort 30.000 rules and astaro 10.000 rules?

Why is 20.000 IPS rules missing?


This thread was automatically locked due to age.
Parents
  • 0
    Many of the rules in the community database version of snort have not been rigorously tested and can frequently cause false positives.  As well, there are many rules which don't work or have long ago been superseded.  Astaro is a commercial product, so must be more diligent about the rule sets that it uses, so as not to cause issues for its' paying business customers.

    This does not make it less secure, but more tuned for efficiency and usability.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
Reply
  • 0
    Many of the rules in the community database version of snort have not been rigorously tested and can frequently cause false positives.  As well, there are many rules which don't work or have long ago been superseded.  Astaro is a commercial product, so must be more diligent about the rule sets that it uses, so as not to cause issues for its' paying business customers.

    This does not make it less secure, but more tuned for efficiency and usability.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
Children
No Data
Cookie Information Banner