Snort mailing list archives

Reduce Alerts - Pulledpork


From: "Cameron" <cameron () runetworks com>
Date: Mon, 22 Jun 2015 10:35:03 -0400

Hello,

I am a new user of Snort. I installed Snort on an Ubuntu Server (14.04). With
Snort I also installed and configured Barnyard2, Pulledpork and BASE. Right
now my issue is with the amount of alerts I am getting. I only just recently
configured it with a span port on the WAN and the increase in traffic has
really caused a lot of new alerts (most of which are irrelevant).

Because I used Pulledpork and have just one rules file (snort.rules), I
cannot seem to figure out how to minimize the alerts by turning off some
rules like you can if I did not use Pulledpork.

Is there perhaps a way to configure the snort.conf file so that it has a
certain threshold? My plan is to go ahead and implement a mail server to
relay some of the more critical alerts but I need to trim these down before
I can go ahead and do that.

Any help would be much appreciated!

Thanks,

Cam

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net