Snort mailing list archives
Now what?
From: Subba Rao <subba9 () home com>
Date: Thu, 13 Sep 2001 09:06:26 -0400
It is a pure coincidence that this particular customer I am working with, has seen the output of Snort alerts for the first time the day after tragic events on Tuesday. Their physical security ratings (in my books) went from a negative range to a close to 100%. Their network security posture is also improving at very good increments. The Snort alerts were generated with the default rules set from 1.8.1 tree. I have listed Priority 10, 8 and 7 alerts for their review. They are in a kind of worried now and want to know what to do next? I recommended that they start discussing their policies (Yes, they do have them) and start implementing them. It looks like I have to hold their hands and guide them to implement their policies. How and where do I start to help them implement their policies? Any pointers and advice appreciated. Thank you in advance. -- Subba Rao subba9 () home com http://members.home.net/subba9/ GPG public key ID CCB7344E Key fingerprint = A8DD 4CBA 1E9B D962 A55B 2B55 BAFE 92C5 CCB7 344E _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Now what? Subba Rao (Sep 13)