IDS mailing list archives

RE: Snort

From: "Leon De France" <Leon.DeFrance () Siebel com>
Date: Thu, 30 Sep 2004 15:53:07 -0600

You can try what was silicon defense's snortsnarf. It will not get rid
of false positives, but it does a good job with reports imo
http://www.snort.org/dl/contrib/data_analysis/snortsnarf/

There is also ACID.

Leon

-----Original Message-----
From: Jeremy Gonzales [mailto:jerdgonzales () yahoo com] 
Sent: Monday, September 27, 2004 3:09 PM
To: focus-ids () securityfocus com
Subject: Snort


Hi,

Does anyone have experience with snort reports? How do
you deal with the loads of information? Is there a way
to  generate reports that eliminate the false
positives? Any help will be appreciated.

Thanks,

Jeremy.



                
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail

------------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT. Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to
learn more.
------------------------------------------------------------------------
--



------------------------------------------------------------------------------
This e-mail message is for the sole use of the intended recipient(s) and contains confidential and/or privileged 
information belonging to Siebel Systems, Inc. or its customers or partners.  Any unauthorized review, use, copying, 
disclosure or distribution of this message is strictly prohibited.  If you are not an intended recipient of this 
message, please contact the sender by reply e-mail and destroy all soft and hard copies of the message and any 
attachments.  Thank you for your cooperation.
====================================================


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------

Current thread:

Re: Snort vvaduva (Sep 30)
- <Possible follow-ups>
- Re: Snort Graeme Connell (Sep 30)
- RE: Snort Leon De France (Oct 01)
- Re: Snort Martin Roesch (Oct 01)
  - Re: Snort Alex Butcher, ISC/ISYS (Oct 04)
    - Re: Snort James Riden (Oct 05)
- RE: Snort Eric Hines (Oct 01)
- Re: Snort Raffael Marty (Oct 01)
- RE: Snort Phil Hollows (Oct 01)