Snort mailing list archives

Re: Snort / Alert Management Best Practices

From: Frank Knobbe <frank () knobbe us>
Date: Wed, 19 Jul 2006 13:37:31 -0500

On Wed, 2006-07-19 at 11:17 -0500, Daryl J. Rue wrote:

  Or are you just consistently fine
tuning the rules so only events that require action are shown?


Yes. It's on ongoing process. Lots of initial tuning, but still a
continuous tuning during daily use.

Frank

-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

Attachment: signature.asc
Description: This is a digitally signed message part

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

ignore bad rule on startup kakomon (Jul 19)
- Re: ignore bad rule on startup Paul Schmehl (Jul 19)
  - Re: ignore bad rule on startup kakomon (Jul 19)
    - Re: ignore bad rule on startup Paul Schmehl (Jul 19)
- Snort / Alert Management Best Practices Daryl J. Rue (Jul 19)
  - Re: Snort / Alert Management Best Practices Frank Knobbe (Jul 19)
- <Possible follow-ups>
- Re: ignore bad rule on startup Klein, Jeremie (Jul 19)
  - Re: ignore bad rule on startup kakomon (Jul 19)
    - Re: ignore bad rule on startup Joel Esler (Jul 19)
    - Re: ignore bad rule on startup Matthew Watchinski (Jul 19)