alert messages

From: Rodrigo B. Ramos (rodrigo.ramos_at_triforsec.com.br)
Date: 03/03/04

    To: focus-ids@securityfocus.com
    Date: Wed, 03 Mar 2004 15:52:06 -0300
    
    

    Hi!

    Can anyone help me in the following job?

    The X Company has more than 1000 machines (desktop and servers) on their
    WAN. They installed snort as an IDS, they are logging remotely and
    sending alerts by email and by sms to mobiles.

    What are the best steps to customize the alerts? The phone company
    thought that the servers were doing some spam jobs. They send many, many
    alerts and probably almost flood the phone company network.

    What is the best way to tell the system to send alerts? Which math
    should I use?

    I know I have to disable some types of rules that just can't
    affect the environment, I know I can count packets by priorities, by type of
    alerts, by packets, ... But what math can I use to send the alerts
    without flooding mail boxes and mobiles?

    Best Regards,

    -- 
    Rodrigo Buarque Ramos
    GPG KEY ID: 0x71CFE098 --> http://pgp.mit.edu
    Key fingerprint = F381 366D D233 22B4 7E72  A21D DE9B 2FF3 71CF E098
    55 81 88513524
    55 81 3463.1593
    http://www.triforsec.com.br
    http://www.defenselayer.com