Snort mailing list archives
Re: Too much of snort events
From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Fri, 13 May 2016 06:04:47 +0000
Those are preprocessor events for Stream5 (GID:129). See the preprocessor.rules file. You can disable them there if you like.

Have you set up your home_net and external_net variables correctly?

Albert Lewis
QA SNORT/Sourcefire
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: Oleg Makarov [mailto:oamakarov () platbox com]
Sent: Thursday, May 12, 2016 7:26 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Too much of snort events

Hi guys!

Please give me some advice, sorry I'm a newbie here.
So I have Snort+Barnyard2+PulledPork+Aanval (as web SIEM). It works correctly.
I found a lot of alerts with gen_id 129, sig_id 12 and gen_id 129, sig_id 4 and suppressed them (they're not informative). I found them in Aanval and it's trying to upload the whole MySQL DB.
But there are still too many alerts, ~30 events per second, and it's nearly 800k events per day.
How can I better understand what is generating the events?

Thanks.
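To see which generator/signature pairs and which host pairs account for the alert volume before suppressing or disabling anything, the alerts can be tallied by gen_id and sig_id. This is an added example, not part of the thread: it assumes Snort's alert_fast text output is enabled alongside Barnyard2 and that addresses are IPv4, and the sample lines, their message text and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in alert_fast layout (not taken from the thread).
SAMPLE = """\
05/12-07:26:01.000001  [**] [129:12:1] constructed msg A [**] [Classification: constructed] [Priority: 2] {TCP} 10.0.0.5:44321 -> 192.168.1.10:3306
05/12-07:26:01.000200  [**] [129:12:1] constructed msg A [**] [Classification: constructed] [Priority: 2] {TCP} 10.0.0.5:44321 -> 192.168.1.10:3306
05/12-07:26:01.000350  [**] [129:4:1] constructed msg B [**] [Classification: constructed] [Priority: 2] {TCP} 10.0.0.5:44321 -> 192.168.1.10:3306
05/12-07:26:01.000900  [**] [129:12:1] constructed msg A [**] [Classification: constructed] [Priority: 2] {TCP} 10.0.0.5:44390 -> 192.168.1.10:3306
05/12-07:26:02.000100  [**] [129:4:1] constructed msg B [**] [Classification: constructed] [Priority: 2] {TCP} 10.0.0.7:51000 -> 192.168.1.10:3306
05/12-07:26:02.000400  [**] [1:1000001:1] constructed msg C [**] [Classification: constructed] [Priority: 3] {ICMP} 10.0.0.9 -> 192.168.1.20
truncated line without an alert header
"""

ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+.*?\s+\[\*\*\]"
    r".*?\{[^}]+\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

def host(endpoint):
    """Drop the port from 'ip:port'; ICMP endpoints have none (IPv4 assumed)."""
    return endpoint.rsplit(":", 1)[0]

def tally(lines):
    """Count alerts per (gid, sid) and, per signature, per (src, dst) host pair."""
    by_sig, pairs, skipped = Counter(), {}, 0
    for line in lines:
        m = ALERT_RE.search(line)
        if m is None:
            skipped += 1  # not an alert line; count it rather than hide it
            continue
        key = (int(m["gid"]), int(m["sid"]))
        by_sig[key] += 1
        pairs.setdefault(key, Counter())[(host(m["src"]), host(m["dst"]))] += 1
    return by_sig, pairs, skipped

def report(lines, top=5):
    """Rows of (gid_sid, count, percent_of_total, busiest_pair, pair_count)."""
    by_sig, pairs, skipped = tally(lines)
    total = sum(by_sig.values())
    rows = []
    for key, n in by_sig.most_common(top):
        pair, pair_n = pairs[key].most_common(1)[0]
        rows.append((key, n, round(100 * n / total, 1), pair, pair_n))
    return rows, skipped

if __name__ == "__main__":
    rows, skipped = report(SAMPLE.splitlines())
    for (gid, sid), n, pct, (src, dst), pair_n in rows:
        print(f"{gid}:{sid}  {n} alerts ({pct}%)  busiest {src} -> {dst} x{pair_n}")
    print(f"unparsed lines: {skipped}")
```

A signature whose count is dominated by a single internal host pair is a candidate for a scoped suppression or for checking the HOME_NET and EXTERNAL_NET definitions, rather than for disabling the event everywhere.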
Current thread:
- Too much of snort events Oleg Makarov (May 12)
- Re: Too much of snort events Al Lewis (allewi) (May 12)
- Re: Too much of snort events Oleg Makarov (May 13)
- Re: Too much of snort events Al Lewis (allewi) (May 12)