RE: Snort
From: Leon De France (Leon.DeFrance_at_Siebel.com)
Date: 09/30/04
- Previous message: Julius Detritus: "RE: Radware DefensePro vs McAfee Intrushield vs TippingPoint UnityOne"
- Maybe in reply to: Wozny, Scott (US - New York): "RE: Snort"
- Next in thread: Phil Hollows: "RE: Snort"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Sep 2004 15:53:07 -0600 To: "Jeremy Gonzales" <jerdgonzales@yahoo.com>, focus-ids@securityfocus.com
You can try what was silicon defense's snortsnarf. It will not get rid
of false positives, but it does a good job with reports imo
http://www.snort.org/dl/contrib/data_analysis/snortsnarf/
There is also ACID.
Leon
-----Original Message-----
From: Jeremy Gonzales [mailto:jerdgonzales@yahoo.com]
Sent: Monday, September 27, 2004 3:09 PM
To: focus-ids@securityfocus.com
Subject: Snort
Hi,
Does anyone have experience with snort reports? How do
you deal with the loads of information? Is there a way
to generate reports that eliminate the false
positives? Any help will be appreciated.
Thanks,
Jeremy.
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail
------------------------------------------------------------------------
-- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ -- ------------------------------------------------------------------------------ This e-mail message is for the sole use of the intended recipient(s) and contains confidential and/or privileged information belonging to Siebel Systems, Inc. or its customers or partners. Any unauthorized review, use, copying, disclosure or distribution of this message is strictly prohibited. If you are not an intended recipient of this message, please contact the sender by reply e-mail and destroy all soft and hard copies of the message and any attachments. Thank you for your cooperation. ==================================================== -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
- Previous message: Julius Detritus: "RE: Radware DefensePro vs McAfee Intrushield vs TippingPoint UnityOne"
- Maybe in reply to: Wozny, Scott (US - New York): "RE: Snort"
- Next in thread: Phil Hollows: "RE: Snort"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
