Snort mailing list archives

Re: What makes a complete IDS package?


From: James Lay <jlay () slave-tothe-box net>
Date: Sat, 19 Mar 2011 07:58:21 -0600


I review my events on the command line.  I don't use a DB or whatever.  I've
tuned the hell out of my Snort installation, so that when it alerts, I need
to deal with something.

Joel


Joel,

So... do you nuke out the "possible" rules?  Or the "likely hostile" rules?  I
spend a fair amount of time tracking down obfuscated javascript and
javascript in pdf type alerts... most are non-malicious, but some turn out to
be bad... curious on just how much you've tuned my friend ;)

James


