Snort mailing list archives

RE: philosophical question

From: "RR" <rehmanr () dedicatedtech com>
Date: Wed, 31 Jul 2002 11:25:10 -0400

I would say yes. That is a good starting point. However you may need to
write your own rules as well for some specific things that you want to
monitor. Remember, pre-defined rules don't do "everything".

HTH

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Eduard San
Anselmo
Sent: Wednesday, July 31, 2002 11:00 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] philosophical question


I've just installed snort and everything seems to work fine. Too fine, I
would say: my sensor is informing of many alerts that aren't so, I mean,
there are lots of false positives that I'm supposed to tune. That's my
question: what does tuning mean? The way I see it is that I have to look
at the alerts and change some things in the rules that triggered those
alerts, so they won't bother me again. Is that a good point of view?
Thank you.



-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

philosophical question Eduard San Anselmo (Jul 31)
- Re: philosophical question Marco Aurelio Valtas Cunha (Jul 31)
- RE: philosophical question RR (Jul 31)
- <Possible follow-ups>
- RE: philosophical question McCammon, Keith (Jul 31)