Re: General Snort Help!

["larc" <larc () pandora be>]

Like other mention there are books, but there is also another way that I prefer.
Take the 'Track 3: Intrusion Detection In-Depth' training from sans institute and you will hear all you ever wanted 
know from some of the best IDS analysts.

Stefan D.

------------------------
 Lorraine Cannavale <LCannavale () americanhm com> wrote:
------------------------
Hello, I am very new at the whole Intrusion Detection Process and especially
> snort.
> There is a network administrator here that has installed an IDS utilizing
> snort, etc and is responsible for maintaining the system.
> I was hired by the Security Administrator to help monitor the alerts on a
> daily basis, analyze the data, and help reduce the false positives.
> So, I have the easy job, but I'm having major difficulties understanding
> what the alerts actually mean and deciphering what is a false positive, true
> intrusion, or just an informational alert.  I have read the Snort user
> manual, understand how to read the rules, and have found some information on
> the alerts, but it is still confusing to me.
>
> Can anyone recommend additional resources that would help me (books, on-line
> manuals, or web sites)?
> I've read emails from the Snort mailing list and this all seems to make a
> lot of sense to everyone else, I'm curious how you all obtained your
> knowledge and if there is anything you can share with me!?
>
> I apologize in advance if this is not the correct list for the question.
> Any help or advice would be greatly appreciated.
>
> Thank you so much!
> Lorraine 
> (lcannavale () americanhm com)
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>  
>
>
>
>  Clean
>  Clean
>  DocumentEmail
>  
>  
>   
>   
>   
>   
>  
>  MicrosoftInternetExplorer4
>
>
>
> st1\:*{behavior:url(#default#ieooui) }
>
>
>
>
>
>
>
> /* Style Definitions */ 
> table.MsoNormalTable
>       {mso-style-name:"Table Normal";
>       mso-tstyle-rowband-size:0;
>       mso-tstyle-colband-size:0;
>       mso-style-noshow:yes;
>       mso-style-parent:"";
>       mso-padding-alt:0in 5.4pt 0in 5.4pt;
>       mso-para-margin:0in;
>       mso-para-margin-bottom:.0001pt;
>       mso-pagination:widow-orphan;
>       font-size:10.0pt;
>       font-family:"Times New Roman";}
>
>
>
>
>
>
>
>
> Hello, I am very new at the whole Intrusion 
> Detection
> Process and especially snort.
>
> There is a network administrator here that has 
> installed an IDS utilizing snort, etc and is responsible for
> maintaining the system.
>
> I was hired by the Security Administrator to help 
> monitor
> the alerts on a daily basis, analyze the data, and help reduce the 
> false
> positives.
>
> So, I have the easy job, but I'm having major
> difficulties understanding what the alerts actually mean and 
> deciphering what
> is a false positive, true intrusion, or just an informational 
> alert. I have read the Snort user 
> manual,
> understand how to read the rules, and have found some information on 
> the
> alerts, but it is still confusing to me.
>
>
>
> Can anyone recommend additional resources that would 
> help me
> (books, on-line manuals, or web sites)?
>
> I've read emails from the Snort mailing list and 
> this
> all seems to make a lot of sense to everyone else, I'm curious how you
> all obtained your knowledge and if there is anything you can share with 
> me!?
>
>
>
> I apologize in advance if this is not the correct 
> list for
> the question.
>
> Any help or advice would be greatly
> appreciated.
>
>
>
> Thank you so much!
>
> Lorraine 
>
>
> (lcannavale () americanhm com)




-------------------------------------------------------
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
www.ictp.com/training/sourceforge.asp
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users