Snort mailing list archives

RE: snort rules/false positives


From: "Harper, Patrick" <Patrick.Harper () phns com>
Date: Thu, 9 Dec 2004 05:28:08 -0600

Basically trim the rule set to match what you have at your location (you
do not want alerts for that which you do not have), and make sure all your
variables are set correctly.  Also read about thresholding and
suppression, and use them wisely.
 
For commercial products, Sourcefire is an awesome product.  Also,
training always helps.  Sourcefire does training on both open source
Snort and on its commercial products.  I have had a chance to sit in
all these classes.  They are awesome; the guys teaching it are very good
at what they do.  They also have a great class on rules writing.  Hope
that helps.
 

  _____  

From: RKejariwal () fiberlink com [mailto:RKejariwal () fiberlink com] 
Sent: Wednesday, December 08, 2004 9:15 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort rules/false positives



Hi All 
Is there any good documentation which outlines the minimum set
of rule files that should be enabled on a Snort sensor? I am getting tons
of messages and am not too sure how to keep up with it. Also, is there a
commercial product equivalent to Snort which I can deploy so that I can
obtain technical support?
Any advice will be appreciated!!! 

Thanks in advance 
Ravi 
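
The thresholding and suppression advice in the reply above, as an added example that is not part of the thread or of Snort itself: a script that tallies alerts per signature from fast-format alert lines and proposes `suppress` or `threshold` entries for an analyst to review. The sample alert lines are constructed, and the function names and the `min_alerts` and `dominant` cut-offs are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict

def _line(sid, msg, proto, src, dst):
    # Builds one constructed alert line in Snort's "fast" alert layout.
    return (f"12/08-21:15:01.100000  [**] [1:{sid}:1] {msg} [**] "
            f"[Classification: Misc activity] [Priority: 3] {{{proto}}} {src} -> {dst}")

# Constructed sample data (not taken from the thread).
SAMPLE = (
    [_line(469, "ICMP PING NMAP", "ICMP", "192.0.2.10", "198.51.100.5")] * 5
    + [_line(1418, "SNMP request tcp", "TCP", f"192.0.2.{i}:40000", "198.51.100.7:161")
       for i in (21, 22, 23, 24)]
    + [_line(2003, "MS-SQL Worm propagation attempt", "UDP",
             "192.0.2.99:1050", "198.51.100.9:1434")]
)

ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):\d+\] (?P<msg>.*?) \[\*\*\]"
    r".*?\{\w+\} (?P<src>[\d.]+)(?::\d+)? -> [\d.]+"
)

def tally(lines):
    """Count alerts per (gen_id, sig_id) and per source address."""
    counts, sources = Counter(), defaultdict(Counter)
    for line in lines:
        m = ALERT_RE.search(line)
        if m:  # lines that are not alerts are skipped
            key = (int(m["gid"]), int(m["sid"]))
            counts[key] += 1
            sources[key][m["src"]] += 1
    return counts, sources

def suggest(lines, min_alerts=3, dominant=0.8):
    """Return candidate config lines, noisiest signature first.

    These are candidates for review only: suppressing a source hides
    every future alert from it for that signature.
    """
    counts, sources = tally(lines)
    out = []
    for (gid, sid), n in counts.most_common():
        if n < min_alerts:
            continue  # too quiet to be worth tuning
        src, hits = sources[(gid, sid)].most_common(1)[0]
        if hits / n >= dominant:  # one known host causes nearly all alerts
            out.append(f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {src}")
        else:  # many sources: rate-limit instead of hiding
            out.append(f"threshold gen_id {gid}, sig_id {sid}, "
                       "type limit, track by_src, count 1, seconds 60")
    return out

if __name__ == "__main__":
    print("\n".join(suggest(SAMPLE)))
```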