Home page logo

snort logo Snort mailing list archives

Re: Bases for writting snort rules
From: "lists () packetmail net" <lists () packetmail net>
Date: Thu, 16 May 2013 08:33:50 -0500

On 05/16/2013 07:34 AM, Guy Martial Nkenne Tchassi wrote:
Then for each treat, there is a
sort of predefined set of actions that can be undertaken to eliminate the

The 'References' section of the individual signatures are a good place to apply
some context around the particular signature and potential remediation options.
 That being said, the references are not comprehensive nor are they a road-map
to full remediation.  I'm unaware of any database that provides a mapping of
snort signatures to incident severity to remediation/mitigation methods.  As I
understand it this task is the responsibility of the IDS analyst and is actually
one of the core roles I believe an analyst should be capable of performing.
Remediation options and mitigation approaches will also vary based on
organizational risk assessment, LOB impact, etc.

Should such an undertaking occur to develop such a data warehouse I see it is
daunting with a high propensity to be incomplete and unable to address the niche
needs of each organization.


AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
Snort-sigs mailing list
Snort-sigs () lists sourceforge net

Please visit http://blog.snort.org for the latest news about Snort!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]