Snort mailing list archives
Re: New Snort Sensor Implementation
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 12 Sep 2012 13:37:05 -0400
I'd implement the balanced-ips policy and get used to it (tune it), the move to security-ips and tune it. Adjust fire from there. -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire On Wed, Sep 12, 2012 at 11:00 AM, Turnbough, Bradley E. < bturnbough () belcan com> wrote:
Should I plan on implementing a snort sensor with all of the applicable rules enabled at first and plan on scaling back, or should I implement small amount of rules of applicable rules and scale up? This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
-- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- New Snort Sensor Implementation Turnbough, Bradley E. (Sep 12)
- Re: New Snort Sensor Implementation Joel Esler (Sep 12)