Re: Snort

From: Alex Butcher, ISC/ISYS (Alex.Butcherbristol.ac.uk)
Date: Mon Oct 04 2004 - 09:43:53 CDT


--On 30 September 2004 20:35 -0400 Martin Roesch <roeschsourcefire.com>
wrote:

> Just one note from me. If you're going to only pay attention to
> priority 1 events then you need to tune the priorities on your rules for
> your environment.

Quite correct, Marty (unsurprisingly!). Incidentally, by 'report on' I was
meaning 'send email about' or similar. It's good practice, IMHO, to log
*everything* (albeit thresholded, maybe) for later analysis of events.

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
