Snort mailing list archives
RE: ACID - acknowledgement of events ?
From: "Hicks, John" <JHicks () JUSTICE GC CA>
Date: Wed, 17 Jul 2002 11:59:03 -0400
<!-- snip -->
Do you archive already seen interesting events and perform correlations in archive ?
<!-- snip -->

That's exactly how I manage mine. Investigate, Email (if required), move to Archive for correlation.

This is an area where I would like to see a lot of development happen. In particular, even though ACID has native support for an archive, there's no real way to view it. I end up creating a copy of ACID in /acid/archive and changing the default db to snort_archive.

Better integration might also provide a way to check if an IP causing a new alert is listed in the archive.

Some thoughts,
John Hicks

-----Original Message-----
From: Petr Ruzicka [mailto:petr_ruzicka () yahoo com]
Sent: Monday, July 15, 2002 7:42 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] ACID - acknowledgement of events ?

Hi

I use Snort + ACID for some time and I would like to know how you deal with "acknowledged" events. Let's say I have a couple of events that I have already seen and I prefer not to delete them for future analysis/comparison etc. But very soon I have a lot of such events and I'm becoming lost.

Does ACID have something like "read/unread" events (mails)? Do you archive already seen interesting events and perform correlations in archive ?

Thanks
Petr R.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
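
The archive check wished for in the reply above (is the source IP of a new alert already listed in the archive?) can be sketched as a cross-database query. This is an added example, not part of the original thread and not ACID code. It assumes the standard Snort `event` and `iphdr` tables, uses SQLite's `main` database as a stand-in for the live database with an attached `snort_archive`, and all rows are constructed.

```python
import sqlite3
from ipaddress import IPv4Address

# Subset of the Snort database schema; the archive DB has the same layout.
SCHEMA = """
CREATE TABLE {db}.event (sid INT, cid INT, signature INT, timestamp TEXT);
CREATE TABLE {db}.iphdr (sid INT, cid INT, ip_src INT, ip_dst INT);
"""

# Source addresses of live alerts that also appear in the archive, with counts.
REPEAT_SOURCES = """
SELECT live.ip_src, live.n, arch.n, arch.last_seen
FROM (SELECT ip_src, COUNT(*) AS n FROM main.iphdr GROUP BY ip_src) AS live
JOIN (SELECT i.ip_src, COUNT(*) AS n, MAX(e.timestamp) AS last_seen
      FROM snort_archive.iphdr AS i
      JOIN snort_archive.event AS e ON e.sid = i.sid AND e.cid = i.cid
      GROUP BY i.ip_src) AS arch ON arch.ip_src = live.ip_src
ORDER BY arch.n DESC, live.ip_src
"""

def add_alert(conn, db, cid, src, ts, sid=1, sig=1, dst="192.0.2.200"):
    """Insert one constructed alert (event row + IP header row) into db."""
    conn.execute(f"INSERT INTO {db}.event VALUES (?, ?, ?, ?)", (sid, cid, sig, ts))
    conn.execute(f"INSERT INTO {db}.iphdr VALUES (?, ?, ?, ?)",
                 (sid, cid, int(IPv4Address(src)), int(IPv4Address(dst))))

def build_demo():
    """Live DB ('main') plus attached 'snort_archive', filled with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("ATTACH DATABASE ':memory:' AS snort_archive")
    for db in ("main", "snort_archive"):
        conn.executescript(SCHEMA.format(db=db))
    for cid, (src, ts) in enumerate([("192.0.2.10", "2002-07-01 10:00:00"),
                                     ("192.0.2.10", "2002-07-03 22:41:00"),
                                     ("192.0.2.10", "2002-07-10 08:15:00"),
                                     ("198.51.100.7", "2002-07-05 13:30:00")], 1):
        add_alert(conn, "snort_archive", cid, src, ts)
    for cid, (src, ts) in enumerate([("192.0.2.10", "2002-07-17 09:02:00"),
                                     ("192.0.2.10", "2002-07-17 09:03:00"),
                                     ("203.0.113.5", "2002-07-17 09:40:00")], 1):
        add_alert(conn, "main", cid, src, ts)
    return conn

def repeat_sources(conn):
    """Return (ip, live_alerts, archived_alerts, last_archived) per repeat source."""
    return [(str(IPv4Address(ip)), live, arch, last)
            for ip, live, arch, last in conn.execute(REPEAT_SOURCES)]

if __name__ == "__main__":
    for row in repeat_sources(build_demo()):
        print("%-15s live=%d archived=%d last_archived=%s" % row)
```

Against a real deployment the same SELECT would run on the database server with the live database name in place of `main`; that name is not given in the thread.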
Current thread:
- ACID - acknowledgement of events ? Petr Ruzicka (Jul 15)
- <Possible follow-ups>
- RE: ACID - acknowledgement of events ? Hicks, John (Jul 17)