Snort Rules and category questions



  • Hi there, ppl!
    I have 2 questions, which are perhaps stupid, but I hadn't found answers yet.
    1. Shall I use EmergingThreats rules as an addition to VRT rules, or as a substitution to VRT rules?
    The main idea is to minimize memory foortprint of Snort processes.
    2. Is there (and if it exists, where) a thorough documentation about categories of rules for both VRT and Emerging threats?
    There is some small piece of doc in EmergingThreats Wiki (http://doc.emergingthreats.net/bin/view/Main/EmergingFAQ), but I wanted to get more deep look on those categories. I understand, that the best way is to analyze rules one by one, but it will take weeks, which I don't have.

    Thank in advance.


Log in to reply