Snort mailing list archives
Looking for opinions...
From: "Wilcoxen, Scott" <SWilcoxen () macf com>
Date: Mon, 28 Apr 2003 11:53:19 -0400
Hi all!

I was looking for some opinions on something here. I've recently set up Snort here in my office. Everything is running great, but I'm not sure how to proceed on something. Alerts which are being generated for known vulnerabilities in IIS, SMB, etc. which I know for a fact I'm patched for are overrunning my alert logs. I'm logging all traffic to tcpdump binaries, so if I ever really needed to dig through this info I could.

So, in order to keep the number of alerts to a manageable level I was considering disabling the rules for which I am already patched. Any thoughts on this?

Scott S Wilcoxen
Macfadden & Associates, Inc.
Email: Swilcoxen at macf dot com
www.macf.com