Snort mailing list archives
Re: False alerts
From: Jim Forster <jforster () rapidnet com>
Date: Tue, 18 Dec 2001 14:33:00 -0700 (MST)
This was exactly why they were all broken into individual .rule files. :) Honestly, I prefer kicking it all on, and fine tuning when installing at a new office. - But I also fit the geek profile. -er Techie. Jim Forster Network Administrator RapidNet, A Golden West Company ------------------------------- On Wed, 19 Dec 2001, Steve Hutchins wrote:
Reading article: http://www.theregister.co.uk/content/55/23420.html I wondered why snort couldn't come with the ability or tool that asks which categories of systems are in use on the network to be monitored. So for example, you could spark up a configuration wizard that presents a list of O/S and apps, then removes the rules that don't apply to that environment. Obviously, this would mean specific tagging of rules. Anyone done something along this line? Obviously us 'techies' wouldn't use such a tool :O) Steve _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- False alerts Steve Hutchins (Dec 18)
- Re: False alerts Jim Forster (Dec 18)
- Re: False alerts Phil Wood (Dec 18)
- Re: False alerts Phil Wood (Dec 18)
- <Possible follow-ups>
- RE: False alerts Steve Hutchins (Dec 18)
- Re: False alerts John Sage (Dec 18)
- RE: False alerts Steve Hutchins (Dec 19)