Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Cant enable some rulesets in Snort IDS/IPS

    IDS/IPS
    3
    3
    769
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Mr_JinX
      Mr_JinX last edited by

      Hi,

      I've noticed I cant enable some rules in the 2nd and 3rd column, does anyone know why? they seem to be grayed out and when i go to select them i just get a red cross symbol.

      Running;

      Pfsense  2.3.3-RELEASE-p1
      snort: 3.9.2.9_16

      Both are the latest,

      1 Reply Last reply Reply Quote 0
      • U
        u3c307 last edited by

        Are you using IPS policy? If you are then depends on what you set to it's pre-defined so you won't be able to check the others per policy. Uncheck use IPS policy and it should allow you to check whatever you want.

        1 Reply Last reply Reply Quote 0
        • MikeV7896
          MikeV7896 last edited by

          If you're using one of the pre-defined IPS Policy settings (Connectivity, Balanced or Security), then the Snort rules are automatically selected. If you also add OpenAppID and ET rules, then you can select those rules, as they are not part of the pre-defined Snort IPS policies.

          Here's a post from the Snort blog about how rules are put into each of the pre-defined policies. CVSS score, time, and certain policy groups play a factor in those pre-defined policies.

          The S in IOT stands for Security

          1 Reply Last reply Reply Quote 0
          • First post
            Last post