Snort mailing list archives

Correlation resources


From: "Justin" <ginsbergj () gmail com>
Date: Tue, 16 Oct 2012 10:53:01 -0400

Fellow Snorters,


Do you guys have any good web resources for how to correlate and research
events? As in, if one gets an event and wants to check a write-up on it,
what sites are best to use?
I've seen Google Groups, seclist.org and http://www.snortid.com, and while
sometimes I feel the write-ups answer my questions well, I sometimes feel as
if some sig IDs and events may not be documented as well as one would like.
Especially the ET sigs.

Is there anywhere that posts in-depth decode analysis of the PCAP files for
events that are triggered in IDS?
Is there anywhere that has maybe an IDS diary (some nice Snorter that has
documented what they have done to definitively know when to tune and when to
turn off rules)?
Are there any sites that post maybe a CVE/bug ID to signature correlation?

Thanks in advance,
Nitz.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!