4. Cant enable some rulesets in Snort IDS/IPS

Cant enable some rulesets in Snort IDS/IPS


  • Hi,

    I've noticed I cant enable some rules in the 2nd and 3rd column, does anyone know why? they seem to be grayed out and when i go to select them i just get a red cross symbol.

    Running;

    Pfsense  2.3.3-RELEASE-p1
    snort: 3.9.2.9_16

    Both are the latest,

    0
  • U

    Are you using IPS policy? If you are then depends on what you set to it's pre-defined so you won't be able to check the others per policy. Uncheck use IPS policy and it should allow you to check whatever you want.

    0
  • V

    If you're using one of the pre-defined IPS Policy settings (Connectivity, Balanced or Security), then the Snort rules are automatically selected. If you also add OpenAppID and ET rules, then you can select those rules, as they are not part of the pre-defined Snort IPS policies.

    Here's a post from the Snort blog about how rules are put into each of the pre-defined policies. CVSS score, time, and certain policy groups play a factor in those pre-defined policies.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy