Snort mailing list archives

snort-nessus-correlation: honeysuckle vs. ids alert verification


From: "Maetzky, Steffen (Extern)" <Steffen.Maetzky () gedas de>
Date: Mon, 28 Jun 2004 14:49:12 +0200

Hi,

Does anyone know how they work exactly? (I have found nothing about their
output format and how they are filtering out data)

--How does the process of filtering work? Any changes made to sid-msg.map after
correlation? (for example: removing sids for which the network isn't
vulnerable)
--All outputs supported? (I'd like to use the unified format)
--How does honeysuckle handle vulnerabilities? (ids alert verification has
the possibility to give alerts back to the snort-engine which it couldn't
verify as "vulnerability" or "non vulnerability", honeysuckle too?)

Thanks in advance,

Steffen 

