Snort mailing list archives

Re: Rules

From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Fri, 13 Mar 2015 20:13:38 +0000

Hello,


Is your home_net/external_net variables setup correctly?

If they are you can suppress or threshold an overly noisy alert. All of this is explained in the manual.

In its default snort will be noisy so this is where the tuning comes in at.


Hope this helps.

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: Fabio Machado Sanches [mailto:fabio.sanches () tokiomarine com br]
Sent: Friday, March 13, 2015 3:31 PM
To: Al Lewis (allewi); Joel Esler (jesler); snort () outlook com; snort-sigs () lists sourceforge net
Subject: Rules

Messrs. (A) good afternoon

I need a Aiding !!

Snort is generating countless false positive alerts and need to insert a rule to ignore these alerts in the snort rules 
!!

How do I proceed?

And can I check snort is working perfectly?

Sincerely Yours

Fábio Sanches
Segurança da Informação - ISO
Planejamento, Governança de T.I. e Centrais de Atendimento e Emissão
Tokio Marine Seguradora
Fone: (55) (11) 3265-7640
VOIP: (2) 7640
fabio.sanches () tokiomarine com br<mailto:fabio.sanches () tokiomarine com br>
http://www.tokiomarine.com.br<http://www.tokiomarine.com.br/>
[Descrição: Descrição: Descrição: Assinatura_final_3_03.jpg][Descrição: Descrição: Descrição: Descrição: Descrição: 
icon-gptw]


----------------------------------------------------

As informa��es desta mensagem e de seus anexos podem ser confidenciais e/ou privilegiadas e dever�o ser utilizadas 
somente pelo seu destinat�rio. Caso tenha recebido esta mensagem por engano, favor comunicar o equ�voco ao remetente e 
apagar, permanentemente, o seu conte�do de qualquer computador. Ap�s a transmiss�o desta mensagem, a Tokio Marine n�o 
se responsabilizar� pela integridade e/ou pelo uso indevido destas informa��es.

The information in this message and its attachments may be confidential and/or privileged and should be used only by 
the intended recipient. If you have received it erroneously, please notify the mistake to the sender and permanently 
delete the content of any computer. After the transmission of this message, Tokio Marine shall not be responsible for 
the integrity and/or misuse of this information.

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

Rules Fabio Machado Sanches (Feb 11)
- Re: Rules Joel Esler (jesler) (Feb 11)
  - RES: Rules Fabio Machado Sanches (Feb 12)
  - RES: Rules Fabio Machado Sanches (Feb 12)
    - Re: RES: Rules Joel Esler (jesler) (Feb 12)
    - RES: RES: Rules Fabio Machado Sanches (Feb 12)
    - Re: RES: RES: Rules Joel Esler (jesler) (Feb 12)
    - Re: RES: RES: Rules waldo kitty (Feb 12)
- <Possible follow-ups>
- Rules Fabio Machado Sanches (Mar 13)
  - Re: Rules Al Lewis (allewi) (Mar 13)