Re: Snort

From: James Riden (j.riden_at_massey.ac.nz)
Date: 10/05/04

    To: focus-ids@securityfocus.com
    Date: Tue, 05 Oct 2004 14:24:03 +1300
    
    

    "Alex Butcher, ISC/ISYS" <Alex.Butcher@bristol.ac.uk> writes:

    > --On 30 September 2004 20:35 -0400 Martin Roesch
    > <roesch@sourcefire.com> wrote:
    >
    >> Just one note from me. If you're going to only pay attention to
    >> priority 1 events then you need to tune the priorities on your rules for
    >> your environment.
    >
    > Quite correct, Marty (unsurprisingly!). Incidentally, by 'report on '
    > I was meaning 'send email about' or similar. It's good practice, IMHO,
    > to log *everything* (albeit thresholded, maybe) for later analysis of
    > events.

    Absolutely. That Nessus scan today might turn into a full-blown attack
    tomorrow and it's nice to be able to correlate all the activity from a
    particular IP address/range.

    cheers,
     Jamie

    -- 
    James Riden / j.riden@massey.ac.nz / Systems Security Engineer
    GPG public key available at: http://www.massey.ac.nz/~jriden/
    This post does not necessarily represent the views of my employer.