Snort mailing list archives
Re: Whatever OS We Use
From: Frank Knobbe <fknobbe () knobbeits com>
Date: 19 Mar 2002 09:49:43 -0600
On Mon, 2002-03-18 at 09:48, Erickson Brent W KPWA wrote:
> [...]
> 1. Real-time alerting (in many probes and attacks, Snort provides us an early enough warning to take action provided we are paying attention)
> 2. Near-real-time or after-action analysis. Give me the data content on that suspicious alert e-mail message that I just received.
> [...]
> 5. Snort logging all traffic for archive and analysis, two Snort sniffers streaming the data to 2 NICs on a terabyte server with direct crossover cables.
> [...]
Brent, how do you sift through all the masses of data? How do you determine what traffic to investigate?

Have you guys at the Navy created some best-practice documents (outlining how to deal with the traffic volume) that can be shared with the public?

Also, what supplemental IDSs are you using? (Is Shadow still used much?)

Regards,
Frank
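One concrete way to start "sifting" the alert volume Frank asks about, added here as an illustration and not code from either poster: parse Snort's one-line alert_fast output, group alerts by (signature, source host), and rank the groups by Snort priority, number of distinct targets (a sweep indicator) and hit count. The alert lines below are constructed for the example; the signature IDs 1000001-1000003 and the addresses are placeholders, not real rules or hosts.

```python
import re

# Snort alert_fast line layout:
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: n] {PROTO} src[:port] -> dst[:port]
# Classification is optional; ICMP lines carry no ports.
FAST_RE = re.compile(
    r'^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+'
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+'
    r'(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?'
    r'\[Priority:\s+(?P<prio>\d+)\]\s+'
    r'\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?'
    r'\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$'
)

# Constructed sample alerts (placeholder SIDs and RFC 5737 documentation addresses).
# The last line is deliberately malformed to show that unparseable input is skipped.
SAMPLE_ALERTS = [
    "03/18-09:48:01.000001  [**] [1:1000001:1] EXAMPLE WEB-CGI probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:40001 -> 198.51.100.5:80",
    "03/18-09:48:02.000002  [**] [1:1000001:1] EXAMPLE WEB-CGI probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:40002 -> 198.51.100.6:80",
    "03/18-09:49:30.000003  [**] [1:1000002:1] EXAMPLE ICMP PING sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.20 -> 198.51.100.1",
    "03/18-09:49:30.000004  [**] [1:1000002:1] EXAMPLE ICMP PING sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.20 -> 198.51.100.2",
    "03/18-09:49:31.000005  [**] [1:1000002:1] EXAMPLE ICMP PING sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.20 -> 198.51.100.3",
    "03/18-09:49:31.000006  [**] [1:1000002:1] EXAMPLE ICMP PING sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.20 -> 198.51.100.4",
    "03/18-09:50:00.000007  [**] [1:1000003:1] EXAMPLE suspicious SMTP command [**] [Priority: 2] {TCP} 192.0.2.30:4711 -> 198.51.100.25:25",
    "this line is not a Snort alert and must be ignored",
]


def parse_fast(line):
    """Parse one alert_fast line into a dict, or return None if it does not match."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    for k in ("gid", "sid", "rev", "prio"):
        e[k] = int(e[k])
    return e


def summarize(lines):
    """Group alerts by (sid, source host) and rank the groups for investigation.

    Ranking: lowest Snort priority number first (1 is most severe), then the
    source that touched the most distinct destinations, then raw hit count.
    """
    groups = {}
    for e in filter(None, (parse_fast(l) for l in lines)):
        g = groups.setdefault((e["sid"], e["src"]), {
            "sid": e["sid"], "msg": e["msg"], "src": e["src"],
            "count": 0, "prio": e["prio"], "dsts": set(), "first": e["ts"],
        })
        g["count"] += 1
        g["prio"] = min(g["prio"], e["prio"])   # keep the most severe priority seen
        g["dsts"].add(e["dst"])
    ranked = []
    for g in groups.values():
        ranked.append({
            "sid": g["sid"], "msg": g["msg"], "src": g["src"], "prio": g["prio"],
            "count": g["count"], "targets": len(g["dsts"]), "first": g["first"],
        })
    ranked.sort(key=lambda g: (g["prio"], -g["targets"], -g["count"]))
    return ranked


if __name__ == "__main__":
    for g in summarize(SAMPLE_ALERTS):
        print(f"prio={g['prio']} sid={g['sid']} src={g['src']} hits={g['count']} "
              f"targets={g['targets']} first={g['first']} {g['msg']}")
```

Run against a real alert file with `summarize(open("alert").read().splitlines())`; the top of the list is what to pull packet content for first, which is the "give me the data content on that alert" step in Brent's item 2. The (sid, src) grouping is the design point: a single source hitting many hosts with a low-priority signature (the ICMP sweep above) still surfaces, because the distinct-target count is the second sort key.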