Snort mailing list archives

Re: Threat Management


From: twig les <twigles () yahoo com>
Date: Tue, 6 Aug 2002 12:08:43 -0700 (PDT)

Yes actually.  So I suppose that the HP Openview or
MRTG box would tell me about it.  If I happen to look
there that is.  Sigh.

Actually an interesting idea (well...to me) is having
a standardized format for IDS alerts.  You know like
an IEEE thing where the fields would have to contain
specified information in a specified format? 
Obviously the IEEE would probably not do this, but I'm
a little rusty on my acronyms.

Vendors could be compliant and then add their
non-compliant stuff with an asterisk, kinda like
databases right now.  Anyhoo it's an idea (one that
would likely take 3-5 years to materialize).  Does
anyone know if anybody is doing this yet?  I don't see
how the field can *not* be inhibited if no one does
this in the future - too chaotic.


--- Ian Macdonald <secsnort () dirk demon co uk> wrote:
Wouldn't a truck come under physical security :)
----- Original Message -----
From: "twig les" <twigles () yahoo com>
To: "Steve Scott" <sjscott007 () earthlink net>;
<snort-users () lists sourceforge net>
Sent: Monday, August 05, 2002 12:58 PM
Subject: Re: [Snort-users] Threat Management


Read it, loved it.  We have 3 IDS vendors (well, 2
vendors and snort), Cisco router acls, Solaris
firewalls and another vendor firewall - all wanting to
do things their own way.  Crimany!  I'd be lucky to
see a truck drive through the dam data center.


--- Steve Scott <sjscott007 () earthlink net> wrote:
I recently finished a paper on the Threat Management space and would
like to share my findings with others.  We are currently in the process
of evaluating solutions in this space.  While it's not 100 percent
complete it will provide an understanding of the concept.  As I progress
with the project I will continue to expand the paper.

You can find it here:
http://home.earthlink.net/~sjscott007/

Regards,

Steve








-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====


-----------------------------------------------------------
All warfare is based on deception.


-----------------------------------------------------------

__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com








=====
-----------------------------------------------------------
All warfare is based on deception.
-----------------------------------------------------------


