From: Roeland Weve (roelandoffice.netland.nl)
Date: Wed Mar 14 2001 - 04:56:06 CST


    I am working on a project to implement an IDS in our network.
    First I had to figure out which IDS to use and where to put it in the
    network.
    That wasn't that difficult; I will probably use Snort with two interfaces,
    great!

    But now I'm having trouble with the rules database. When I finish
    the project, almost everything must go automatically.
    Two reasons: I will leave and nobody else has the time to maintain it
    every day.

    I can remove the non-important rules from the database and let Snort run
    on a machine and if there is a suspicious hack attempt,
    the machine must warn somebody that an intruder is trying to hack (I'll
    have to implement this; does anybody have any ideas on this point?).

    How can I automatically add rules that are important enough to warn
    somebody to the database?

    I thought about it, but I think this is quite a difficult subject.

    Thanks a lot,

    Roeland
