Snort mailing list archives
RE: General Snort Help!
From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
Date: Tue, 21 Jan 2003 12:46:51 -0500
I used to use www.whitehats.com <http://www.whitehats.com> to lookup each occurance, but they don't appear to be online anymore. If you go to www.snort.org <http://www.snort.org> and choose the "All the information about rules you could ever want" option in the left pane, then you can start looking up EACH alert you receive to get a better understanding. After doing this for a while you will reach a point where you will know most of the recurring alerts that appear day to day and will be able to quickly review alerts each day and pick on out the less common ones and investigate. It takes a while at first but gets easier. Paul Sheahan Manager of Information Security Priceline.com paul.sheahan () priceline com -----Original Message----- From: Lorraine Cannavale [mailto:LCannavale () americanhm com] Sent: Tuesday, January 21, 2003 11:49 AM To: 'snort-users () lists sourceforge net' Subject: [Snort-users] General Snort Help! Hello, I am very new at the whole Intrusion Detection Process and especially snort. There is a network administrator here that has installed an IDS utilizing snort, etc and is responsible for maintaining the system. I was hired by the Security Administrator to help monitor the alerts on a daily basis, analyze the data, and help reduce the false positives. So, I have the easy job, but I'm having major difficulties understanding what the alerts actually mean and deciphering what is a false positive, true intrusion, or just an informational alert. I have read the Snort user manual, understand how to read the rules, and have found some information on the alerts, but it is still confusing to me. Can anyone recommend additional resources that would help me (books, on-line manuals, or web sites)? I've read emails from the Snort mailing list and this all seems to make a lot of sense to everyone else, I'm curious how you all obtained your knowledge and if there is anything you can share with me!? I apologize in advance if this is not the correct list for the question. Any help or advice would be greatly appreciated. Thank you so much! Lorraine (lcannavale () americanhm com)
Current thread:
- General Snort Help! Lorraine Cannavale (Jan 21)
- RE: General Snort Help! Patrice Boulanger (Jan 21)
- Re: General Snort Help! Erek Adams (Jan 21)
- RE: General Snort Help! Good Book List Gregory W. Ratcliff (Jan 21)
- Re: General Snort Help! Good Book List Edin Dizdarevic (Jan 22)
- snort.org recommended reading? (was Re: General Snort Help!) twig les (Jan 21)
- Re: snort.org recommended reading? (was Re: General Snort Help!) Steve Jones (Jan 22)
- Re: General Snort Help! Saad Kadhi (Jan 21)
- RE: General Snort Help! Good Book List Gregory W. Ratcliff (Jan 21)
- <Possible follow-ups>
- RE: General Snort Help! Sheahan, Paul (PCLN-NW) (Jan 21)
- RE: General Snort Help! Yaakov Yehudi (Jan 21)
- Re: General Snort Help! larc (Jan 22)