Snort mailing list archives

Re: Everything working what next


From: Ron Sinclair <unixfool () gmail com>
Date: Wed, 28 Nov 2012 16:44:10 -0500

Analyze the logged data to determine if there are any system/network
breaches.  Noisy signatures can be commented out or tuned/filtered.
Sometimes the logs can point out a misconfiguration that, while not an
actual breach, can assist in fixing the issue.  Also, each network is
different, so we won't be able to tell you what you should be seeing and
how/if you should disable signatures.  We might be able to assist if you've
a question about a particular piece of traffic, but you'll have to provide
the pcap.  Sometimes, just being able to compare the PCAP against the rule
itself is enough to determine the nature of logged traffic.  Sometimes it
takes a while to research.  It depends on what's being logged.

I'm not sure if it's outside of the scope of this group or not, but using
Google usually helps.
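A first pass at the triage the reply describes (find the noisy signatures before deciding what to tune), as an added example that is not from this thread: it parses Snort alert_fast lines, ranks each signature by volume and by how many sources fire it, and drafts threshold.conf suppress/event_filter lines for a person to review. The sample alerts, local-range SIDs and addresses are constructed.

```python
import re
from collections import Counter, defaultdict
# Matches one line of Snort's alert_fast output; ports are optional (ICMP has none).
FAST_RE = re.compile(
    r"^\S+\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?")

# Constructed sample alerts (local-rules SID range, documentation/private IPs), not real events.
SAMPLE = """\
11/28-16:01:02.000001  [**] [1:1000001:1] LOCAL ICMP ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10
11/28-16:01:03.000002  [**] [1:1000001:1] LOCAL ICMP ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.11
11/28-16:01:04.000003  [**] [1:1000002:2] LOCAL DNS oversized query [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.168.1.20:40001 -> 192.168.1.1:53
11/28-16:01:05.000004  [**] [1:1000003:1] LOCAL SSH login attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.9:51000 -> 192.168.1.10:22
11/28-16:01:06.000005  [**] [1:1000002:2] LOCAL DNS oversized query [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.168.1.21:40002 -> 192.168.1.1:53
11/28-16:01:07.000006  [**] [1:1000001:1] LOCAL ICMP ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.12
11/28-16:01:08.000007  [**] [1:1000002:2] LOCAL DNS oversized query [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.168.1.22:40003 -> 192.168.1.1:53
not an alert line: barnyard2 waldo rotated
"""

def parse_fast_alerts(lines):
    """Yield a dict per parseable alert line; anything else (log chatter) is skipped."""
    for line in lines:
        m = FAST_RE.match(line.strip())
        if m:
            yield m.groupdict()

def rank_signatures(alerts):
    """Count hits per (gid, sid), most frequent first, with the distinct sources that fired each."""
    counts, sources, msgs = Counter(), defaultdict(set), {}
    for a in alerts:
        key = (int(a["gid"]), int(a["sid"]))
        counts[key] += 1
        sources[key].add(a["src"])
        msgs[key] = a["msg"]
    return [{"gid": g, "sid": s, "count": n, "sources": sorted(sources[(g, s)]), "msg": msgs[(g, s)]}
            for (g, s), n in counts.most_common()]

def tuning_suggestions(ranked, noisy=3):
    """Draft threshold.conf lines for signatures at or above the noise threshold: a single chatty
    source is suppressed by IP only; a signature firing from many sources is rate-limited per source."""
    out = []
    for r in ranked:
        if r["count"] < noisy:
            continue
        head = f"# {r['msg']} (sid {r['sid']}): {r['count']} alerts, {len(r['sources'])} source(s)\n"
        if len(r["sources"]) == 1:
            out.append(head + f"suppress gen_id {r['gid']}, sig_id {r['sid']}, track by_src, ip {r['sources'][0]}")
        else:
            out.append(head + f"event_filter gen_id {r['gid']}, sig_id {r['sid']}, type limit, track by_src, count 1, seconds 60")
    return out
```

The drafted lines are review candidates, not config to apply blindly: a signature firing from one internal host may be the misconfiguration the reply mentions, better fixed at the host than silenced in Snort.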


On Wed, Nov 28, 2012 at 4:06 PM, k vijay sai prashanth <
vijaysaiprashanth () gmail com> wrote:

Hello All,

I have setup snort barnyard2 after a lot of pain. I even setup an Aanval
front end. I now have events being logged and stored.

I just have one question.

What do I do with all the logs and alerts?

What kind of analysis and reporting should I be doing?

I hope this part is not out of scope for this group.

Regards,
Prashanth


------------------------------------------------------------------------------
Keep yourself connected to Go Parallel:
INSIGHTS What's next for parallel hardware, programming and related areas?
Interviews and blogs by thought leaders keep you ahead of the curve.
http://goparallel.sourceforge.net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
