Snort mailing list archives
Re: Reliability of signatures
From: Martin Holste <mcholste () gmail com>
Date: Fri, 4 Feb 2011 10:25:09 -0600
I count about 30,000 signatures in the feed I pull down. That's a big effort to categorize. So perhaps an initial pass using the classifications might give a reasonable starting point.
If all sigs start neutral, then each sig can be categorized as people get around to it. It seems like a daunting task, but there is a linear benefit to each signature categorized/rated, so every little bit helps.
I was thinking that further refinement effort could be driven by the signatures that are most active at any time, like the way SANS directs their efforts using dshield to identify what's most important. Over time, the most active signatures receive the most attention.
That could work, but I wonder if enough people use the default configuration that it would overpower folks who are tuning. Might be worth a shot, though.