Snort mailing list archives
Re: Everything working what next
From: k vijay sai prashanth <vijaysaiprashanth () gmail com>
Date: Thu, 29 Nov 2012 03:22:05 +0530
I did google it actually, got very very vague responses. I posted here as everyone here uses Snort and will have clarity on their purpose of usage.

Also, if I may ask, why do we need an IDS when there is already a firewall in place? All the traffic I see in my logs is internal traffic. What kind of threats am I looking at from internal traffic?

Regards,
Prashanth

On Thu, Nov 29, 2012 at 3:14 AM, Ron Sinclair <unixfool () gmail com> wrote:
> Analyze the logged data to determine if there are any system/network breaches. Noisy signatures can be commented out or tuned/filtered. Sometimes the logs can point out a misconfiguration that, while not an actual breach, can assist in fixing the issue.
>
> Also, each network is different, so we won't be able to tell you what you should be seeing and how/if you should disable signatures. We might be able to assist if you've a question about a particular piece of traffic, but you'll have to provide the pcap. Sometimes, just being able to compare the PCAP against the rule itself is enough to determine the nature of logged traffic. Sometimes it takes a while to research. It depends on what's being logged.
>
> I'm not sure if it's outside of the scope of this group or not, but using Google usually helps.
>
> On Wed, Nov 28, 2012 at 4:06 PM, k vijay sai prashanth <vijaysaiprashanth () gmail com> wrote:
>
>> Hello All,
>>
>> I have set up snort barnyard2 after a lot of pain. I even set up an Aanval front end. I now have events being logged and stored. I just have one question. What do I do with all the logs and alerts? What kind of analysis and reporting should I be doing? I hope this part is not out of scope for this group.
>>
>> Regards,
>> Prashanth
>>
>> ------------------------------------------------------------------------------
>> Keep yourself connected to Go Parallel: INSIGHTS What's next for parallel hardware, programming and related areas? Interviews and blogs by thought leaders keep you ahead of the curve. http://goparallel.sourceforge.net
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users () lists sourceforge net
>> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
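Ron's advice above (count what is firing, then tune the noisy signatures rather than silencing everything) as an added example that is not part of this thread: a Python script that parses Snort alert_fast lines, aggregates them per signature, and prints a candidate threshold.conf `suppress` line for any rule that keeps firing from a single source. The alert lines, rule SIDs and addresses are constructed for the example.

```python
import re

# One line of Snort's alert_fast output; [Classification: ...] is optional, ports are optional.
ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) \[\*\*\]"
    r".*?\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)

# Constructed sample alerts (not from the thread): one host tripping the same rule
# against several neighbours, plus a single hit on a different rule.
SAMPLE_ALERTS = """\
11/28-16:06:01.100000  [**] [1:1000001:1] LOCAL ICMP sweep [**] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.9
11/28-16:06:01.200000  [**] [1:1000001:1] LOCAL ICMP sweep [**] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.10
11/28-16:06:01.300000  [**] [1:1000001:1] LOCAL ICMP sweep [**] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.11
11/28-16:07:44.000000  [**] [1:1000002:2] LOCAL SMB admin share access [**] [Priority: 2] {TCP} 10.0.0.7:49201 -> 10.0.0.20:445
"""

def parse_alerts(text):
    """Return one dict per parseable alert line; unparseable lines are skipped."""
    return [m.groupdict() for m in map(ALERT_RE.search, text.splitlines()) if m]

def summarize(alerts):
    """Per-signature hit count plus the distinct sources and destinations it fired on."""
    summary = {}
    for a in alerts:
        s = summary.setdefault((a["gid"], a["sid"], a["msg"]), {"count": 0, "src": set(), "dst": set()})
        s["count"] += 1
        s["src"].add(a["src"])
        s["dst"].add(a["dst"])
    return summary

def tuning_candidates(summary, min_hits=3):
    """Suggest a threshold.conf 'suppress' line for a signature that fires min_hits or
    more times from exactly one source: the usual 'one chatty host' pattern that is
    worth reviewing (scanner? misconfigured box?) before commenting the rule out."""
    lines = []
    for (gid, sid, msg), s in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        if s["count"] >= min_hits and len(s["src"]) == 1:
            src = next(iter(s["src"]))
            lines.append(f"# {msg}: {s['count']} hits, all from {src} -> {len(s['dst'])} hosts")
            lines.append(f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {src}")
    return lines

if __name__ == "__main__":
    summ = summarize(parse_alerts(SAMPLE_ALERTS))
    for (gid, sid, msg), s in summ.items():
        print(f"{gid}:{sid} {msg}: {s['count']} alerts, {len(s['src'])} src, {len(s['dst'])} dst")
    print("\n".join(tuning_candidates(summ)))
```

Point it at a real alert file (`open("/var/log/snort/alert").read()`) to get the same per-signature view; the printed `suppress` lines are candidates to review, not something to paste into threshold.conf unseen.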