Snort mailing list archives
Re: IDS
From: Syed Tariq Mustafa <Mustafast () ALJ COM>
Date: Mon, 10 Jul 2017 16:06:50 +0000
Please unsubscribe me from this list. I tried to do it myself but the messages keep coming!! Thank you.

Sent from my Samsung device

-------- Original message --------
From: Justin Pederson via Snort-users <snort-users () lists snort org>
Date: 10/07/2017 7:05 PM (GMT+03:00)
To: "Al Lewis (allewi)" <allewi () cisco com>
Cc: Snort-users () lists snort org
Subject: Re: [Snort-users] IDS

I just grabbed a file from packettotal. Is there any way to run it against my current rules set to see if it triggers anything?

On Mon, Jul 10, 2017 at 10:37 AM, Al Lewis (allewi) <allewi () cisco com> wrote:

“Best” would depend on what you are trying to do. If you are “tweaking/tuning/learning/testing” etc. rules then a pcap definitely works better than trying to use live traffic. Even with live traffic you may want to log things in binary format that alert. Then come back and analyze them later.

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com

From: Snort-users <snort-users-bounces () lists snort org> on behalf of Justin Pederson via Snort-users <Snort-users () lists snort org>
Reply-To: Justin Pederson <jpedersm () gmail com>
Date: Monday, July 10, 2017 at 11:15 AM
To: "Snort-users () lists snort org" <Snort-users () lists snort org>
Subject: [Snort-users] IDS

What is the best way to set snort up? Either have it just look at the live packets as they come in or to form a pcap then to look into the pcap?