IDS mailing list archives
Re: Snort
From: SuxxToBe <julianschweizer () yahoo de>
Date: Wed, 29 Sep 2004 17:22:33 +0200
Hi Jeremy,

I use ACID (Analysis Console for Intrusion Databases). It's working with all the popular SQL servers out there, and the web interface looks quite clear and comfortable. You can clean your web-based report easily by hand and sort out false positives; this shouldn't be much work if you configured Snort well, and you can always click on the links added to each warning (arachNIDS and/or Snort, for example), read the signature information and figure out if it is a false positive or not.

Hope this helps.

Regards
J

On Monday, 27 September 2004 23:09, Jeremy Gonzales wrote:
Hi,

Does anyone have experience with snort reports? How do you deal with the loads of information? Is there a way to generate reports that eliminate the false positives? Any help will be appreciated.

Thanks,
Jeremy.