IDS mailing list archives

Re: Snort

From: "Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>
Date: Mon, 04 Oct 2004 15:43:53 +0100

--On 30 September 2004 20:35 -0400 Martin Roesch <roesch () sourcefire com>wrote:

Just one note from me.  If you're going to only pay attention to
priority 1 events then you need to tune the priorities on your rules  for
your environment.

Quite correct, Marty (unsurprisingly!). Incidentally, by 'report on ' I wasmeaning 'send email about' or similar. It's good practice, IMHO, to log*everything* (albeit thresholded, maybe) for later analysis of events.


Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------

Current thread:

Re: Snort vvaduva (Sep 30)
- <Possible follow-ups>
- Re: Snort Graeme Connell (Sep 30)
- RE: Snort Leon De France (Oct 01)
- Re: Snort Martin Roesch (Oct 01)
  - Re: Snort Alex Butcher, ISC/ISYS (Oct 04)
    - Re: Snort James Riden (Oct 05)
- RE: Snort Eric Hines (Oct 01)
- Re: Snort Raffael Marty (Oct 01)
- RE: Snort Phil Hollows (Oct 01)