Couple of things.

First, you do have to have Snort installed in inline mode to do any drops at all.  It means two interfaces (outside and inside) and proper configuration.

Second, part of the rule text contains the security policy that Talos has created that determines the rule state (alert, drop, disabled).  You'll see this in the metadata keyword.  Look for "policy".  You'll see things like balanced, connectivity, security, max-detect.  This is what the rule state is in the various policies as recommended by Talos.  I believe you can use PulledPork to create your dropsid.conf based on these keywords.  So you could, for example, enable all the rules in the balanced rule set and set them to drop.

Hope that helps.

Alex Tatistcheff
alext@pobox.com



On Thu, Jun 18, 2026 at 9:22 AM Peter Lyons via Snort-users <snort-users@lists.snort.org> wrote:

About a year ago I installed Snort 3 and PulledPork on Ubuntu 24.04 to provide better protection on my home network.


I registered and used the LightSPD_ruleset, rule_mode=simple, ips_policy=balanced


Got it all working, and auto updating the LightSPD ruleset every day.


At the start, I was checking the log $ tail -f /var/snort/alert_json.txt to see if it was working.


So I felt very happy and secure.


Then the other day I checked the log file a bit more and noticed the log file only had alert warnings and no rule actions like block or drop etc.


So then I checked the LightSPD_ruleset and noticed that by default the rule actions are all set to alert warnings.


Which means I have to monitor the log file and customize the rules myself.


While I’d call myself a Linux enthusiast, I don’t have the expertise to do that.


Is there a way to get a rule set suitable for a home network?


I’m thinking there might be a community rule set suitable or pay for a subscribed Talos ruleset.


I’m assuming the subscribed ruleset comes with rule actions to provide protection, and instant threat updates.

Are my options correct?


Please advise.

PS: I am new to this mailing list.

Peter Lyons
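
An added example (not part of the original e-mails and not PulledPork's own code) of the approach mentioned in the reply: read the `metadata` policy entries from rule text and list the rules whose state in a chosen policy is drop. The sample rules are constructed, and the `policy <name>-ips <state>` layout and the `gid:sid` output lines are assumptions to check against your ruleset and the PulledPork documentation.

```python
import re

# Constructed sample rules (not from a real ruleset). Assumption: metadata
# entries have the form "policy <name>-ips <state>".
SAMPLE_RULES = r'''
alert tcp any any -> any 80 (msg:"EXAMPLE one"; metadata:policy balanced-ips drop,policy security-ips drop; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"EXAMPLE two"; metadata:policy max-detect-ips drop,policy security-ips alert; sid:1000002; rev:2;)
# alert tcp any any -> any 25 (msg:"EXAMPLE three, shipped disabled"; metadata:policy balanced-ips alert; gid:3; sid:1000003; rev:1;)
alert udp any any -> any 53 (msg:"EXAMPLE four, no policy"; sid:1000004; rev:1;)
'''

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')  # quoted values, blanked before parsing
OPTION = re.compile(r'\b(metadata|sid|gid)\s*:\s*([^;]*);')
POLICY = re.compile(r'policy\s+([\w-]+)\s+(\w+)')


def policy_states(rule_line):
    """Return (gid, sid, {policy: state}) for one rule line, else None."""
    # Disabled rules ship commented out; strip the marker so they still parse.
    text = QUOTED.sub('""', rule_line.lstrip("# \t"))
    opts = {"metadata": []}
    for key, value in OPTION.findall(text):
        if key == "metadata":
            opts["metadata"].append(value)
        else:
            opts.setdefault(key, value.strip())
    if "sid" not in opts:
        return None  # blank line or plain comment
    states = {name.removesuffix("-ips"): state
              for name, state in POLICY.findall(",".join(opts["metadata"]))}
    return int(opts.get("gid", 1)), int(opts["sid"]), states


def dropsid_lines(rules_text, policy):
    """List "gid:sid" for every rule whose state in `policy` is drop."""
    out = []
    for line in rules_text.splitlines():
        parsed = policy_states(line)
        if parsed and parsed[2].get(policy) == "drop":
            out.append(f"{parsed[0]}:{parsed[1]}")
    return out


if __name__ == "__main__":
    print("\n".join(dropsid_lines(SAMPLE_RULES, "balanced")))
```
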

