Snort mailing list archives
Re: Reliability of signatures
From: beenph <beenph () gmail com>
Date: Fri, 4 Feb 2011 13:33:07 -0500
Honestly, I think that if you provide a service that is based on a free resource or a paid subscription you should give yourself a process to filter the detection input you receive and be able to adapt it for your setup. If your analyst can't do it there is probably an in your process somewhere.

On Fri, Feb 4, 2011 at 12:56 PM, Martin Holste <mcholste () gmail com> wrote:
Actually this discussion is helping. It's letting us know what you are interested in.

Ok, cool. So, here's my feedback to SF/ET regarding what will help, and I'll try to summarize the above comments to be sure I have understood them:

1. Up/down vote per gid:sid:rev my analysts can click on at the tail end of an investigation to indicate that something's been helpful with a way to make a note of how it was helpful.
2. Dshield/sidreporter-style automated submissions so that you guys can see the sigs that are flagging on all kinds of FP's right off the bat and also to get a cross-section of what IP's are flagging alerts.
3. Up/down vote for category confidence on a given gid:sid:rev.

And, I'd personally add a fourth that I feel is very important:

4. Tag suggestion for a gid:sid:rev with corresponding up/down vote for confidence.

I personally want to see 1 and 4 implemented ASAP, and they can be started without retrofitting to all existing signatures. Each datum contributed is value added.

------------------------------------------------------------------------------
The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world?
http://p.sf.net/sfu/oracle-sfdevnlfb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users