IDS mailing list archives
Re: Snort
From: Raffael Marty <rmarty () arcsight com>
Date: Thu, 30 Sep 2004 17:15:58 -0700
> (and I am biased, so I list Lightning & NeVO & Nessus first) are:
Note that I am biased too ...
> from SNORT, and qualify them with other events and vulnerability data. My only caveat is that most of the SIMs take a one-time snapshot of vulns and don't integrate daily vuln data that you can get with RNA or NeVO.
Make sure you note the "most of the SIMs"! I can't really talk about too many of them, but the one I know quite well deals very nicely with updates of vulnerability scans. As many as you want!

To throw out another thing you want to do with regards to Snort alerts and false positives: Take into account your environment! By environment I mean things like what assets you have, how critical they are, what ports are open, ... That's where the SIMs really come in and help a lot.

-raffy
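The environment-aware triage described in the message above, as an added example that is not part of the original post or any SIM product's code. The alert lines, addresses, SIDs, vulnerability labels, asset table and scoring weights are all constructed assumptions.

```python
import re

# Constructed Snort "fast" alert lines: documentation addresses, local-range SIDs.
ALERTS = """\
09/30-17:16:02.000001 [**] [1:1000001:1] EXAMPLE web overflow attempt [**] [Classification: Attempted Admin] [Priority: 1] {TCP} 203.0.113.7:4313 -> 192.0.2.20:80
09/30-17:16:05.000002 [**] [1:1000001:1] EXAMPLE web overflow attempt [**] [Classification: Attempted Admin] [Priority: 1] {TCP} 203.0.113.7:4312 -> 192.0.2.10:80
09/30-17:16:09.000003 [**] [1:1000002:1] EXAMPLE database probe [**] [Classification: Misc Attack] [Priority: 2] {UDP} 203.0.113.7:1035 -> 192.0.2.30:1434
09/30-17:16:11.000004 [**] [1:1000001:1] EXAMPLE web overflow attempt [**] [Classification: Attempted Admin] [Priority: 1] {TCP} 203.0.113.7:4314 -> 192.0.2.99:80
"""

# Hypothetical environment model: criticality 1 (low) to 3 (high), open ports and
# vulnerability labels as a scanner's most recent run would report them.
ASSETS = {
    "192.0.2.10": {"crit": 3, "open": {80, 443}, "vulns": {"VULN-WEB-A"}},
    "192.0.2.20": {"crit": 1, "open": {22}, "vulns": set()},
    "192.0.2.30": {"crit": 2, "open": {1434}, "vulns": set()},
}
# Hypothetical map from rule SID to the vulnerability label the rule relates to.
SID_TO_VULN = {1000001: "VULN-WEB-A", 1000002: "VULN-DB-B"}

FAST = re.compile(
    r"\[\d+:(?P<sid>\d+):\d+\] .*? \[\*\*\].*?\[Priority: (?P<prio>\d+)\] "
    r"\{\w+\} [\d.]+:\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")

def triage(line, assets=ASSETS, sid_to_vuln=SID_TO_VULN):
    """Score one alert against the environment; None if the line does not parse."""
    m = FAST.search(line)
    if m is None:
        return None
    sid, prio, dport = int(m["sid"]), int(m["prio"]), int(m["dport"])
    base = max(1, 4 - prio)              # Snort priority 1 is the most severe
    asset = assets.get(m["dst"])
    if asset is None:                    # inventory gap: keep visible, never drop
        verdict, score = "unknown-asset", base
    elif dport not in asset["open"]:     # target port was closed at the last scan
        verdict, score = "port-closed", 0
    elif sid_to_vuln.get(sid) in asset["vulns"]:
        verdict, score = "vulnerable", base * asset["crit"] * 2
    else:
        verdict, score = "port-open", base * asset["crit"]
    return {"dst": m["dst"], "sid": sid, "verdict": verdict, "score": score}

def prioritize(text):
    """Return parsed alerts ordered from most to least urgent."""
    scored = [r for r in map(triage, text.splitlines()) if r]
    return sorted(scored, key=lambda r: -r["score"])

if __name__ == "__main__":
    for row in prioritize(ALERTS):
        print(row)
```

The same signature against the same source ends up at both ends of the queue depending on the target, and a stale scan snapshot would change the open-port and vulnerability sets and therefore the ordering.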