Re: alert messages

From: Thomas (TheTom_at_UnixIsNot4Dummies.ORG)
Date: 03/09/04

    To: "Rodrigo B. Ramos" <rodrigo.ramos@triforsec.com.br>
    Date: Tue, 09 Mar 2004 12:48:48 +0100
    
    

    On Wed, 2004-03-03 at 19:52, Rodrigo B. Ramos wrote:
    > Hi!

    Hi.

    > Can anyone help me in the following job?
    >
    > The X Company has more than 1000 machines (desktop and servers) on their
    > WAN. They installed snort as an IDS, they are logging remotely and
    > sending alerts by email and by sms to mobiles.
    >
    > What are the best steps to customize the alerts? The phone company
    > thought that the servers were doing some spam jobs. They send many, many
    > alerts and probably almost flood the phone company network.
    >
    > What is the best way to tell the system to send alerts? Which math
    > should I use?

    First, avoid sending every alert via SMS.
    Second, there are some papers out there about data reduction.
    A simple example would be the syslogd code that collects equal
    messages for a predefined time interval and writes only one of them
    to a log file with a note like: "The last message appears 123 times."

    Bye,
    Thomas
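The two reduction steps suggested in the reply above, as an added example that is not part of the original thread: a syslogd-style fold of identical messages seen within a fixed time window into one record with a repeat count, followed by an SMS gate that only forwards the most severe records and caps how many go out per batch. The `Alert` type, the window length, the priority threshold and the sample alerts are all constructed for this illustration; nothing here is taken from Snort's own code or from the poster's setup.

```python
"""Added example: IDS alert data reduction before SMS notification.

Step 1 (collapse_duplicates) mirrors the syslogd behaviour the reply
describes: identical messages within a predefined interval are written
once, with a "repeated N times" note, instead of N times.
Step 2 (select_for_sms) keeps the phones from being flooded: only the
highest-priority records are sent, and at most `cap` per batch.
All data below is constructed; nothing is read from a real sensor.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Alert:
    ts: float        # seconds since epoch (constructed values below)
    priority: int    # Snort convention: 1 is the most severe
    message: str     # signature text as it would appear in the alert log


Record = Tuple[Alert, int]   # (first occurrence, number of repeats folded in)


def collapse_duplicates(alerts: List[Alert], window: float) -> List[Record]:
    """Fold identical messages seen within `window` seconds of their first
    occurrence into one record carrying the count. Input must be sorted by ts;
    one bucket per distinct message text is kept open at a time."""
    open_buckets: Dict[str, Record] = {}   # message -> (first alert, count)
    out: List[Record] = []
    for a in alerts:
        # Close every bucket whose interval elapsed before this alert arrived.
        expired = [m for m, (first, _) in open_buckets.items() if first.ts + window <= a.ts]
        for m in expired:
            out.append(open_buckets.pop(m))
        if a.message in open_buckets:
            first, n = open_buckets[a.message]
            open_buckets[a.message] = (first, n + 1)
        else:
            open_buckets[a.message] = (a, 1)
    out.extend(open_buckets.values())      # flush whatever is still open at end of stream
    out.sort(key=lambda rec: rec[0].ts)    # restore chronological order of first occurrences
    return out


def format_record(first: Alert, count: int) -> str:
    """Render one folded record the way syslogd annotates repeats."""
    line = f"[{first.ts:.0f}] prio={first.priority} {first.message}"
    if count > 1:
        line += f" (last message repeated {count} times)"
    return line


def select_for_sms(records: List[Record], max_priority: int, cap: int) -> List[str]:
    """Only records with priority <= max_priority go to phones, and at most
    `cap` per batch; anything beyond the cap is summarised in one trailing
    message that points the on-call person at the central log instead."""
    severe = [(a, n) for a, n in records if a.priority <= max_priority]
    sms = [format_record(a, n) for a, n in severe[:cap]]
    dropped = len(severe) - len(sms)
    if dropped > 0:
        sms.append(f"{dropped} further high-priority alert(s) suppressed; see central log")
    return sms


# Constructed sample: a ping-sweep burst, a repeated brute-force signature and
# one policy alert, spanning a few minutes. Timestamps and texts are made up.
SAMPLE: List[Alert] = [
    Alert(1000, 3, "ICMP PING sweep"),
    Alert(1001, 3, "ICMP PING sweep"),
    Alert(1030, 3, "ICMP PING sweep"),
    Alert(1040, 1, "SSH brute force attempt"),
    Alert(1070, 3, "ICMP PING sweep"),          # outside the first 60 s bucket: new record
    Alert(1075, 1, "SSH brute force attempt"),  # folded into the 1040 bucket
    Alert(1200, 1, "Policy violation: P2P client"),
]

if __name__ == "__main__":
    folded = collapse_duplicates(SAMPLE, window=60)
    print(f"{len(SAMPLE)} raw alerts -> {len(folded)} log records")
    for first, n in folded:
        print("  LOG", format_record(first, n))
    for text in select_for_sms(folded, max_priority=1, cap=1):
        print("  SMS", text)
```

With the constructed input, seven raw alerts become four log records, and with `max_priority=1, cap=1` the phones receive one alert plus one summary line rather than seven messages. The window and cap are tuning knobs: a longer window folds more aggressively at the cost of delaying the first write of a burst until the bucket closes, which is the trade-off the syslogd approach has always made.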

