Snort mailing list archives

Making Snort Rules More "Sensitive"

From: "Rich Lichvar" <rlichvar () knowledgeresourcecenter com>
Date: Tue, 17 Jun 2003 11:26:31 -0400

1. I'm a Snort (and pretty much Linux/Unix) newbie. Just getting back into
this after several months hiatus.

2. We got dinged in a security audit last year about our IDS rules (Snort)
not being "sensitive enough" and were told we needed to raise (lower?) the
sensitivity thresholds. Okay, if some one can tell me where to start looking
to accomplish this, I'd really appreciate the help.

Richard L. Lichvar
Director, Operations
Knowledge Resource Center, Inc.
Phone: 703-848-2100 x228
Fax: 703-848-4747
Mobile: 571-221-3430



-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Making Snort Rules More "Sensitive" Rich Lichvar (Jun 17)
- Re: Making Snort Rules More "Sensitive" Erek Adams (Jun 17)
  - RE: Making Snort Rules More "Sensitive" D@7@K|N& (Jun 17)
- RE: Making Snort Rules More "Sensitive" D@7@K|N& (Jun 17)
- <Possible follow-ups>
- RE: Making Snort Rules More "Sensitive" L. Christopher Luther (Jun 17)