Snort mailing list archives
Re: Automated snort tuner
From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 28 Apr 2003 14:34:10 -0400
At 03:02 PM 4/28/2003 +0100, Always Bishan wrote:
> Hi guys,
> Do we have an automated tuner for snort, or is anybody doing it?
> Thanx.
> Bishan
"automated tuner"? Do you mean something that automatically re-tweaks your ruleset for you?
Personally, I don't think I'd advise anyone to consider writing such a tool. People might be tempted to use it and not tune their setups themselves.
There's a very large amount of subjective opinion that goes into tuning a snort setup and an immense number of variables to consider. Any automated tool would do a half-assed job at best.
You could argue that automated tuning would be a good starting place, but I'd suspect most sysadmins would use it, and leave it as is without thinking about it. Besides, you need to be intimately familiar with your configuration in order to be able to make good sense of the alerts that are generated anyway. So auto-tuning doesn't save you much time anyway. You'll still have to thumb through the ruleset manually.