Disabled rule still applied even after service restart ?
-
I disabled teh ET- Policy ruleset on my interface and restarted snort on the interface and cleaed the log but i still see new messages regarding ET - Policy.
Have i missed something, is there a way to find out what is causing this :
1:2020565
ET POLICY Dropbox DNS Lookup - Possible Offsite File Backup in Usealso: is there a way to search for which ruleset a given sid is a part of (in this case 1:2020565) ? On the categories of the interface i can only search within one ruleset at a time.