IDS mailing list archives
Re: Snort
From: James Riden <j.riden () massey ac nz>
Date: Tue, 05 Oct 2004 14:24:03 +1300
"Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk> writes:
> --On 30 September 2004 20:35 -0400 Martin Roesch <roesch () sourcefire com> wrote:
>
>> Just one note from me. If you're going to only pay attention to priority 1 events then you need to tune the priorities on your rules for your environment.
>
> Quite correct, Marty (unsurprisingly!). Incidentally, by 'report on ' I was meaning 'send email about' or similar. It's good practice, IMHO, to log *everything* (albeit thresholded, maybe) for later analysis of events.
Absolutely. That nessus scan today might turn into a full-blown attack tomorrow and it's nice to be able to correlate all the activity from a particular IP address/range.

cheers,
Jamie
--
James Riden / j.riden () massey ac nz / Systems Security Engineer
GPG public key available at: http://www.massey.ac.nz/~jriden/
This post does not necessarily represent the views of my employer.