Snort mailing list archives
Comprehensive explanation of rules
From: Scott Ellis <scorellis () kcura com>
Date: Wed, 16 Dec 2015 21:53:54 +0000
I am trying to find a comprehensive explanation of rules, such as:

* who wrote it,
* what it is intended to block,
* what might be some of the root causes of hyperactive alerts,
* what is the category ID of a signature and how do I block an entire category, (I know how to handle single signatures)
* is there an online lookup where I can find all this information and look up a signature by its ID

and any other useful information that can be provided that will help me develop stronger alert management workflows for my organization.

Thank you!
Scott