Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can I configure my Snort IDS/IPS to detect vulnerability scans from Nessus, openVAS, Metasploit and others?

    Scheduled Pinned Locked Moved
    IDS/IPS
    3
    3
    763
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      Teo En Ming
      last edited by

      Good afternoon from Singapore,

      Can I configure my Snort IDS/IPS to detect vulnerability scans from
      Nessus, openVAS, metasploit and other vulnerability scanners?

      Which preprocessor and snort rules do I have to turn on?

      I am looking forward to hearing from you.

      Thank you.

      Mr. Turritopsis Dohrnii Teo En Ming

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        Hi,

        You're asking if snort has rules available that can detect "Nessus, openVAS, Metasploit and others" ?
        What about asking them ? https://www.snort.org/documents at the bottom of the page.

        For the 'good' and recent rules, a subscription is needed.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • G
          garyd
          last edited by

          I highly recommend a personal subscription to the Snort personal subscription as they're only US$30/year. However, I would also be wary of turning on too many rules at once as it can make a noticeable hit to your throughput speed as well as increased resource usage on your pfSense system.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post