Snort mailing list archives
snort-nessus-correlation: honeysuckle vs. ids alert verification
From: "Maetzky, Steffen (Extern)" <Steffen.Maetzky () gedas de>
Date: Mon, 28 Jun 2004 14:49:12 +0200
Hi, Does anyone know how they work exactly? (I have found nothing about their output format and how the are filtering out data) --How works the process of filtering? Any changes made to sid-msg.map after correlation? (in example: removing sids for which the network isn't vulnerable for) --All outputs supported? (I'd like to use the unified format) --How does honeysuckle handle vulnerabilities? (ids alert verification has the possibility to give alerts back to the snort-engine which it couldn't verify as "vulnerability" or "non vulnerability", honeysuckle too?) Thanks in advance, Steffen ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort-nessus-correlation: honeysuckle vs. ids alert verification Maetzky, Steffen (Extern) (Jun 28)