Snort mailing list archives
Re: Any Good Books out there?
From: Marcin Dulak <marcin.dulak () gmail com>
Date: Thu, 1 Dec 2016 23:58:45 +0100
There may be many reasons for not getting the alerts You may be missing the rules that will generate alerts. You also need scan_local for the private IP range. The reputation preprocessor configuration is explained nicely here: http://sublimerobots.com/2015/12/the-snort-reputation-preprocessor/ Marcin On Thu, Dec 1, 2016 at 11:04 PM, Justin Pederson <jpedersm () gmail com> wrote:
I just went through the Manual on the Reputation Preprocessor area and still having the same issues. I created a text file called white.list. On the snort.conf file in line 113 I have the variable listed correctly and verified it is called upon in line 511. I am running snort on windows any idea on why the IP is still in the alerts? File name is white.list (location c:\Snort\Rules\) Line 113 var WHITE_LIST_PATH c:\Snort\Rules Line 511 $WHITE_LIST_PATH\white.list, \ In the white.list I have the ip set up as. 192.168.70.5/32 On Thu, Dec 1, 2016 at 2:36 PM, Joel Esler (jesler) <jesler () cisco com> wrote:Also http://www.snort.org/faq I’ve been adding documents in here more frequently lately, and would love to add more. *--* *Joel Esler *| *Talos:* Manager | jesler () cisco com On Dec 1, 2016, at 3:35 PM, Luke Ager <luke.ager () me com> wrote: Agree with the snort manual posts. The art of network security monitoring is also worth a read. Sent from my iPhone On 1 Dec 2016, at 20:32, Joel Esler (jesler) <jesler () cisco com> wrote: Albert is right. Also, manual.snort.org is a bit easier to remember. *--* *Joel Esler *| *Talos:* Manager | jesler () cisco com On Dec 1, 2016, at 2:00 PM, Al Lewis (allewi) <allewi () cisco com> wrote: Hello Justin, The best “book” would be the snort manual in my opinion. This will give you the most information that is updated and maintained by the developers. If you go through a section of the manual (and don’t understand it) please feel free to post whatever question no matter how big or small. We will be glad to help you out and get you pointed in the right direction. The snort manual can be found in the snort download (in the doc directory) from www.snort.org and also online here: http://manual-snort-org.s3-website-us-east-1.amazonaws.com/ Thanks! *Albert Lewis* ENGINEER.SOFTWARE ENGINEERING SOURCE*fire*, Inc. now part of *Cisco* Email: allewi () cisco com From: Justin Pederson <jpedersm () gmail com> Date: Thursday, December 1, 2016 at 1:23 PM To: 'snort-users' <snort-users () lists sourceforge net> Subject: [Snort-users] Any Good Books out there? I'm just getting into snort. While there is allot of information out there on snort, allot of it is not strait forward. If I am looking for a book to get up to speed on they system. By chance does anyone know of any good books to read? ------------------------------------------------------------ ------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! ------------------------------------------------------------ ------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! ------------------------------------------------------------ ------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!------------------------------------------------------------ ------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Any Good Books out there? Justin Pederson (Dec 01)
- Re: Any Good Books out there? Al Lewis (allewi) (Dec 01)
- Re: Any Good Books out there? Al Lewis (allewi) (Dec 01)
- Re: Any Good Books out there? Joel Esler (jesler) (Dec 01)
- Re: Any Good Books out there? Luke Ager (Dec 01)
- Re: Any Good Books out there? Joel Esler (jesler) (Dec 01)
- Re: Any Good Books out there? Justin Pederson (Dec 01)
- Re: Any Good Books out there? Marcin Dulak (Dec 01)
- Re: Any Good Books out there? wkitty42 (Dec 01)
- Re: Any Good Books out there? Al Lewis (allewi) (Dec 01)
- Re: Any Good Books out there? Joel Esler (jesler) (Dec 01)
- Re: Any Good Books out there? Justin Pederson (Dec 01)