Snort mailing list archives

Re: False alerts


From: Phil Wood <cpw () lanl gov>
Date: Tue, 18 Dec 2001 15:11:24 -0700

And while you're at it, have snort nmap -O all the systems on $HOME_NET
and with the abundant info returned, answer the questions itself, and
go on its merry way, leaving the satisfied customer oblivious.

On Wed, Dec 19, 2001 at 10:18:27AM +1300, Steve Hutchins wrote:
Reading article: http://www.theregister.co.uk/content/55/23420.html

I wondered why snort couldn't come with
the ability or tool that asks which categories of
systems are in use on the network to be monitored.
So for example, you could spark up a configuration
wizard that presents a list of O/S and apps, then
removes the rules that don't apply to that environment.
Obviously, this would mean specific tagging of rules.
Anyone done something along this line? 

Obviously us 'techies' wouldn't use such a tool :O)

Steve

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Phil Wood, cpw () lanl gov

