
Snort rules info

Posted by user8446 on Feb 29, 2016; 9:40pm
URL: https://itus.accessinnov.com/Snort-rules-info-tp221.html

The shield is currently using the Open ruleset from Emerging Threats by Proofpoint: https://www.proofpoint.com/us/threat-intelligence-open-source-community

They post a daily ruleset summary so you can see what was added or deleted when your rules update: http://www.proofpoint.com/us/daily-ruleset-update-summary

The actual rules are here: https://rules.emergingthreats.net/open/snort-edge/rules/

The rules are changed from alert to drop so the packets are dropped.

Here is a new user guide regarding your rules: http://doc.emergingthreats.net/bin/view/Main/NewUserGuide

Here is a ruleset FAQ showing what is included in the different categories. It's old though, as many of the categories have changed: http://doc.emergingthreats.net/bin/view/Main/EmergingFAQ

It's mentioned here and around the web that tuning is critical for your ruleset. This keeps out the false positives and keeps your network fast. If you don't have a certain device, product, or application, then you should delete those rules. Itus was getting feedback from users and through testing to also see what rules were breaking things. Since we are doing it ourselves, it's important to watch the logs and collaborate.

Running the latest OpenWrt stable release
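As an added example (not from the post, and not Emerging Threats' or Itus' own tooling), here is a small Python helper that applies the two adjustments the post describes to a constructed sample of ET-style Snort rules: rewriting active `alert` rules to `drop`, and commenting out rules for products you don't run on your network. The sample rules, messages and SIDs below are made up for the demonstration and assume the standard Snort rule layout (action, header, options with a `msg:` keyword).

```python
import re

# Constructed sample in ET Open style; SIDs and messages are placeholders, not real ET rules.
SAMPLE_RULES = """\
# ET Open sample (constructed)
alert tcp $EXTERNAL_NET any -> $HOME_NET 3306 (msg:"ET POLICY MySQL login from external"; flow:to_server; sid:9000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET SCAN SMB share enumeration"; sid:9000002; rev:1;)
#alert udp any any -> any 53 (msg:"ET INFO disabled rule"; sid:9000003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Generic checkin"; sid:9000004; rev:1;)
"""

# action, then everything else (header + options); msg is pulled out for keyword tuning.
RULE_RE = re.compile(
    r'^(?P<action>alert|log|pass|drop|reject|sdrop)\s+'
    r'(?P<rest>.*\(.*msg:"(?P<msg>[^"]*)".*\)\s*)$'
)


def tune_rules(text, skip_keywords=(), action="drop"):
    """Return (tuned_lines, stats).

    - active 'alert' rules become `action` (drop by default, as on the Itus shield)
    - rules whose msg mentions any skip keyword (a product you don't run) are
      commented out instead, which is the tuning step the post recommends
    - comments, blank lines and already-disabled rules are left untouched
    """
    out, stats = [], {"converted": 0, "disabled": 0, "untouched": 0}
    wanted = [k.lower() for k in skip_keywords]
    for line in text.splitlines():
        stripped = line.strip()
        m = RULE_RE.match(stripped) if stripped and not stripped.startswith("#") else None
        if m is None:
            out.append(line)
            stats["untouched"] += 1
        elif any(k in m.group("msg").lower() for k in wanted):
            out.append("# " + stripped)  # disabled: not relevant to this network
            stats["disabled"] += 1
        elif m.group("action") == "alert":
            out.append(action + " " + m.group("rest"))
            stats["converted"] += 1
        else:
            out.append(line)  # pass/log/drop rules keep their existing action
            stats["untouched"] += 1
    return out, stats


if __name__ == "__main__":
    lines, counts = tune_rules(SAMPLE_RULES, skip_keywords=("MySQL",))
    print("\n".join(lines))
    print(counts)
```

Feed the real downloaded ruleset file through `tune_rules` with the keywords for products you don't run, and review the `disabled` count against the daily ruleset summary after each update.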