Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Active Rules & Management

From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 11 Jun 2015 13:31:32 -0400
On 06/11/2015 12:31 PM, Xander wrote:

2015-06-11 11:22 GMT+02:00 waldo kitty <wkitty42 () windstream net>:


you /have/ to tune snort to your network... some rules will apply to your
network and others will be nothing more than noise generators...


Thanks for your response!

By noise generators, you mean that they could actually interfere with
the other rules?
Like preventing detection or generating false positives and son on?

Or you just mean that packets will be checked against them uselessly
(since they do not apply to my network), therefore wasting resources?


too much "noise" detracts from finding/seeing the actual problems that may be 
going on... one may spend too much time tracking noisy things and completely 
miss the real meat...

-- 
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: