IDS mailing list archives

Re: Snort

From: SuxxToBe <julianschweizer () yahoo de>
Date: Wed, 29 Sep 2004 17:22:33 +0200

Hi Jeremy,

i use ACID (Analysis Console for Intrusion Databases) its working with all the 
popular sql server out there, and the webinterface looks quite clear and 
comfortable. U can clean your webbased report easy by hand and sort out false 
positives, this shouldn´t be much work if you configured snort well, and u 
can always klick on the links added to each warning (arachNIDS and/or snort 
as example) read the signature information and figure out if it is a false 
positive or not. Hope this helps.


Regards

J


Am Montag, 27. September 2004 23:09 schrieb Jeremy Gonzales:

Hi,

Does anyone have experience with snort reports? How do
you deal with the loads of information? Is there a way
to  generate reports that eliminate the false
positives? Any help will be appreciated.

Thanks,

Jeremy.


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------

Current thread:

Snort Jeremy Gonzales (Sep 30)
- Re: Snort Alex Butcher, ISC/ISYS (Sep 30)
- Re: Snort SuxxToBe (Sep 30)
- Re: Snort Ron Gula (Sep 30)
- Re: Snort Jose Maria Lopez (Sep 30)
- <Possible follow-ups>
- RE: Snort Wozny, Scott (US - New York) (Sep 30)
- RE: Snort Bénoni MARTIN (Sep 30)