Snort mailing list archives
Re: no alert for darpa dataset
From: mehdi maleki <mehdimlk2003 () yahoo com>
Date: Fri, 8 Aug 2014 22:03:23 -0700
Do you know of newer and better datasets than DARPA that have the capabilities below:
1) free to download
2) accepted in research domains

On Saturday, August 9, 2014 4:56 AM, waldo kitty <wkitty42 () windstream net> wrote:

> On 8/8/2014 8:29 AM, mehdi maleki wrote:
>> Hi,
>> A lot of research has been done with Snort and the DARPA dataset, while the new default rule set doesn't produce any alert for the DARPA dataset. In this context I have some questions for the vulnerability team of Snort (especially Mr. elster) and all professionals:
>> 1) Are all threats in the DARPA dataset not important today?
>
> my first question is how old is that darpa pcap??
>
>> 2) Will this action reduce the false alarms of today's important threats?
>> 3) Will this action not weaken the completeness of Snort?
>> 4) Finally, the rules sent to us are original!?
>
> what rules? the ones you downloaded for the version of snort you are running? yes...
>
> what do you mean by "original"? those that were active when the darpa pcap was assembled?
>
> many things have evolved over the years... snort's detection capabilities and rules are at the top of that list in this environment ;)
>
> --
> NOTE: No off-list assistance is given without prior approval.
> Please *keep mailing list traffic on the list* unless private contact is specifically requested and granted.
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- no alert for darpa dataset mehdi maleki (Aug 08)
- Re: no alert for darpa dataset waldo kitty (Aug 08)
- Re: no alert for darpa dataset mehdi maleki (Aug 08)
- Re: no alert for darpa dataset waldo kitty (Aug 08)