Security Basics mailing list archives

Re: Puresecure IDS documentation


From: -SIMON- <simon () snosoft com>
Date: Tue, 26 Aug 2003 15:52:07 -0400

Well,
It's been a while since I've used it, but one thing that I noticed the last time (not sure if this holds water any more) is that you need to delete events often. If you are on an ISP grade network, standard NIDS generate amazingly large amounts of false positives... which can be circumvented with patience...

So, my advice: Demarc will become slow if there are too many alerts... delete often... Is this still true? I sure hope I am full of it...

N30 wrote:
Hi All,

I have installed puresecure IDS from Demarc. It is snort based.

But I cannot find a good document to configure it. It seems to have a lot of
options.

The home site is not a great help.

Any pointers/feedback/links appreciated....

Thanks in advance
-n




--
-simon-
        http://www.snosoft.com
        Tibetan "Book of the Dead," ca. 4000 BC.

