IDS mailing list archives
Re: Snort
From: "Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>
Date: Mon, 04 Oct 2004 15:43:53 +0100
--On 30 September 2004 20:35 -0400 Martin Roesch <roesch () sourcefire com> wrote:
Just one note from me. If you're going to only pay attention to priority 1 events then you need to tune the priorities on your rules for your environment.
Quite correct, Marty (unsurprisingly!). Incidentally, by 'report on ' I was meaning 'send email about' or similar. It's good practice, IMHO, to log *everything* (albeit thresholded, maybe) for later analysis of events.
Best Regards, Alex. -- Alex Butcher: Security & Integrity, Personal Computer Systems Group Information Systems and Computing GPG Key ID: F9B27DC9 GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9 -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Re: Snort vvaduva (Sep 30)