alert messages

From: Rodrigo B. Ramos (rodrigo.ramos_at_triforsec.com.br)
Date: 03/03/04

  • Next message: Gary Freeman: "Any Intrusion Detection Appliances handle wired and wireless networks?" 
    To: focus-ids@securityfocus.com
Date: Wed, 03 Mar 2004 15:52:06 -0300

    Hi!

    Can anyone help me in the following job?

    The X Company has more than 1000 machines (desktop and servers) on their
    WAN. They installed snort as an IDS, they are logging remotely and
    sending alerts by email and by sms to mobiles.

    What are the best steps to customize the alerts? The phone company
    thought that the servers were doing some spam jobs. They send many, many
    alerts and probably almost flood the phone phone company network.

    What is the best way to tell the system to send alerts? Which math
    should I use?

    I know I can know have to disable some types of rules that just can't
    affect the ambient, I know I can count packets by priorities, by type of
    alerts, by packets, ... But what math can I use to send the alerts
    without flooding mail boxes and mobiles?

    Best Regards, 

    -- 
Rodrigo Buarque Ramos
GPG KEY ID: 0x71CFE098 --> http://pgp.mit.edu
Key fingerprint = F381 366D D233 22B4 7E72  A21D DE9B 2FF3 71CF E098
55 81 88513524
55 81 3463.1593
http://www.triforsec.com.br
http://www.defenselayer.com
---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security
Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.
Download your free trial at 
http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
---------------------------------------------------------------------------
  • Next message: Gary Freeman: "Any Intrusion Detection Appliances handle wired and wireless networks?"

    Relevant Pages

    • Re: alert messages
      ... > sending alerts by email and by sms to mobiles. ... > alerts and probably almost flood the phone phone company network. ... Security Linux, the comprehensive security solution that combines six ...
      (Focus-IDS)
    • RE: alert messages
      ... Security event management and correlation products, ... also correlate an IDS alert with whether or not the target system appears to ... The benefit is that the number of alerts you see is significantly reduced, ... the comprehensive security solution that combines six ...
      (Focus-IDS)
    • Re: [2nd attempt] keep getting Windows firewall message
      ... alerts, or rather a way to keep the user settings for alerts from ... I have come up with a solution that does not disable Security Center, ... By changing the Permissions of that key, ...
      (microsoft.public.windowsxp.general)
    • RE: getting alerts about system upgrades
      ... getting alerts about system upgrades ... security lists every day. ... "We are trying to figure out how you conduct a war against ...
      (freebsd-questions)
    • Re: Sec Balloons
      ... But later if I keep getting ballons to enable Norton 2005 I ... wonder if I could have stripped some keys using spybot or adaware which ive ... The Security Center alerts are just alerts and they aren't ...
      (microsoft.public.windowsxp.security_admin)