Snort mailing list archives

Re: False alerts

From: Jim Forster <jforster () rapidnet com>
Date: Tue, 18 Dec 2001 14:33:00 -0700 (MST)

This was exactly why they were all broken into individual .rule files.  :)
Honestly, I prefer kicking it all on, and fine tuning when installing at
a new office. - But I also fit the geek profile. -er Techie.

Jim Forster
Network Administrator
RapidNet, A Golden West Company
-------------------------------


On Wed, 19 Dec 2001, Steve Hutchins wrote:

Reading article: http://www.theregister.co.uk/content/55/23420.html

I wondered why snort couldn't come with
the ability or tool that asks which categories of
systems are in use on the network to be monitored.
So for example, you could spark up a configuration
wizard that presents a list of O/S and apps, then
removes the rules that don't apply to that environment.
Obviously, this would mean specific tagging of rules.
Anyone done something along this line? 

Obviously us 'techies' wouldn't use such a tool :O)

Steve

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

False alerts Steve Hutchins (Dec 18)
- Re: False alerts Jim Forster (Dec 18)
- Re: False alerts Phil Wood (Dec 18)
- Re: False alerts Phil Wood (Dec 18)
- <Possible follow-ups>
- RE: False alerts Steve Hutchins (Dec 18)
  - Re: False alerts John Sage (Dec 18)
- RE: False alerts Steve Hutchins (Dec 19)