Snort mailing list archives

Re: Whatever OS We Use


From: Frank Knobbe <fknobbe () knobbeits com>
Date: 19 Mar 2002 09:49:43 -0600

On Mon, 2002-03-18 at 09:48, Erickson Brent W KPWA wrote:
[...]
1. Real time alerting (in many probes and attacks, Snort provides us an
early enough warning to take action provided we are paying attention)

2. Near real time or after action analysis. Give me the data content on
that suspicious alert e-mail message that I just received.
[...]
5. Snort logging all traffic for archive and analysis, two Snort
sniffers streaming the data to 2 NICs on a terabyte server with direct
crossover cables.
[...]


Brent,

How do you sift through all the masses of data? How do you determine
what traffic to investigate? Have you guys at the Navy created some best
practice documents (outlining how to deal with the traffic volume) that
can be shared with the public?

Also, what supplemental IDSs are you using? (Is Shadow still used much?)

Regards,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part
