RE: General Snort Help!

["Patrice Boulanger" <pboulanger () fr externall net>]

Hello,

Perhaps you could start with http://www.snort.org/cgi-bin/done.cgi which is
the main database to get informations on snort signatures. Unfortunaly, some
rules haven't any informations associated.
  -----Message d'origine-----
  De : snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]De la part de Lorraine
Cannavale
  Envoyé : mardi 21 janvier 2003 17:49
  À : 'snort-users () lists sourceforge net'
  Objet : [Snort-users] General Snort Help!


  Hello, I am very new at the whole Intrusion Detection Process and
especially snort.

  There is a network administrator here that has installed an IDS utilizing
snort, etc and is responsible for maintaining the system.

  I was hired by the Security Administrator to help monitor the alerts on a
daily basis, analyze the data, and help reduce the false positives.

  So, I have the easy job, but I'm having major difficulties understanding
what the alerts actually mean and deciphering what is a false positive, true
intrusion, or just an informational alert.  I have read the Snort user
manual, understand how to read the rules, and have found some information on
the alerts, but it is still confusing to me.



  Can anyone recommend additional resources that would help me (books,
on-line manuals, or web sites)?

  I've read emails from the Snort mailing list and this all seems to make a
lot of sense to everyone else, I'm curious how you all obtained your
knowledge and if there is anything you can share with me!?



  I apologize in advance if this is not the correct list for the question.

  Any help or advice would be greatly appreciated.



  Thank you so much!

  Lorraine

  (lcannavale () americanhm com)