Snort rules order
-
@bmeeks But snort is more integrated in pfsense than suricata? any profit or doesnt matter ,except multitreading
-
@Antibiotic said in Snort rules order:
@bmeeks But snort is more integrated in pfsense than suricata? any profit or doesnt matter ,except multitreading
I do not understand your question. What do you mean by "more integrated" and "any profit"?
The translation to English does not appear to be working well.
-
@bmeeks I mean, suricata also well tested as snort before put to pfsense repo?You are doing snort. who is making suricata for pfsense?
-
@Antibiotic said in Snort rules order:
@bmeeks I mean, suricata also well tested as snort before put to pfsense repo?
I created the Suricata package on pfSense, and I have maintained the Snort package for more than 10 years. There is no difference in testing for either package. In fact, the GUI portions of both packages are in many cases identical since they share the same PHP code base.
Both rely on custom plugins used for blocking on pfSense, and both have underlying binary components provided by an upstream source.
I still don't really understand your question.
-
@bmeeks Ah ok)) clear now
-
@bmeeks Emerging Threats Pro rules is too expensive)))
-
@bmeeks But snort have ja3 fingerprint detection and droping functionality or ja4
-
@bmeeks Hello again!
Now did dropsid for some rules and its working. But how to make drop action for whole category?Lets say category: emergening-ja3-rules want to drop action for all category.The numbers are going not but orders and click whole category too long or make dropsid with a different numbers. Is it possible to make drop action for whole category? Suricata
-
@Antibiotic said in Snort rules order:
@bmeeks Hello again!
Now did dropsid for some rules and its working. But how to make drop action for whole category?Lets say category: emergening-ja3-rules want to drop action for all category.The numbers are going not but orders and click whole category too long or make dropsid with a different numbers. Is it possible to make drop action for whole category? Suricata
Go read this Sticky Post at the top of this sub-forum: https://forum.netgate.com/topic/128480/how-automatic-sid-management-and-user-rule-overrides-work-in-snort-and-suricata.
-
This post is deleted!
