Snort mailing list archives

Rules optimization


From: "Vuppala, Vijaybhasker (EM, GECIS)" <Vijaybhasker.Vuppala () geind ge com>
Date: Wed, 18 Jun 2003 03:55:08 -0400

Hi,

I have used Snort ver 1.8.7 on Redhat Linux 7.3 with the default rules provided
for a pilot and I see tons of alerts being generated. In about 40 hours' time
there are more than a lakh alerts and the database size is 1.9GB. I see
most of the alerts are of no concern. I know a lot of optimization needs to be
done but I'm worried I might disable real alerts.

If someone has already worked on this and can share their rules and
snort.conf enabling the same, it would be great. Or else please throw some
guidelines as to how to go forward with this optimization.


Regards,
Vijay

