Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Roeland Weve (roelandoffice.netland.nl)
Date: Wed Mar 14 2001 - 04:56:06 CST
I am working on a project to implement an IDS in our network.
First I had to figure out which IDS to use and where to put it in the
That wasn't that difficult, I probibly use Snort with to interfaces,
But now I'm having troubles with the rules database. When I will finish
the project, almost everything must go automaticly.
Two reasons: I will leave and nobody else has the time to mantain it
I can remove the non-important rules from the database and let Snort run
on a machine and if there is suspicious hack attempt,
the machine must warn somebody that an intruder is trying to hack (I'll
have to implement this, somebody has any ideas on this point?).
How can I automatic add rules, that are important enough to warn
somebody, to the database?
I thought about it, but I think this is quite a difficult subject.
Snort-users mailing list
Go to this URL to change user options or unsubscribe: