Snort mailing list archives

Questionnaire for FAQ on 'how many alerts does snort receive'.


From: "Imran William Smith" <iwsmith () mimos my>
Date: Mon, 10 Jun 2002 09:33:15 +0800

I appreciate these are 'how long is a ball of string' type questions,
but I want to try to answer the questions

"How many alerts does snort receive?"
"How much space do they take?",

by polling people and trying to summarize this into 'high / low / typical'
figures, based on size of organisation, type of rules enabled etc.

It's a question that many people will need to estimate / guess
at some point, and I can't find any formal answers / research /
polls.  The results will also help if you want to know the impact
of turning on payloads / switching to a different logging type etc.

So, I wonder if anybody who has the time could complete the
following questionnaire, and I'll tabulate the results.  I will
list the contributors, but not mention publicly who submitted
which result.  The longer your results are sampled over (number
of days), the more useful, to make a better average.  A few
'don't knows' are fine, the more results the better...


Questionnaire:
-----------------

month/year of capture:

version of snort:

description of rules enabled  - default? all? custom (please give details):

sensor environment - what kind/size of organisation, location of sensor etc:

inside some kind of firewall (Y/N):

bandwidth sniffed (ISDN, ADSL, 10, 100, gigabit etc):

duration of sniffing (days):

total number of alerts raised:

format of alerting - text/fast, text/full (this is the default), tcpdump, database (what type?) etc:

payloads captured (Y/N):

total disk space taken by the alerts (including payloads if captured, database indexes etc):




Thanks everyone.  I'll post detailed results later (maybe after 1 week?),
along with a bit of analysis.


--
Imran William Smith
Security Products Development
Mimos Bhd, Malaysia




