Snort mailing list archives
Re: rules for system compromise only.
From: lists <echo () beltrani com>
Date: Thu, 7 Aug 2003 11:30:27 -0400 (EDT)
If you're trying to verify the integrity of specific systems
you may want to look at host based tools like tripwire that will
alert you to file system modifications.
Tripwire is available at:
http://www.tripwire.org/ (Open Source)
http://www.tripwiresecurity.com/ (Commercial)
- Paul Beltrani
On Wed, 6 Aug 2003, Kyle D Nash wrote:
...
I am looking to deploy snort on some desktops. I want to use only rules that would detect a system compromise and nothing else. Any suggestions on how I might go about this? Thank you, Kyle Nash
... ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- rules for system compromise only. Kyle D Nash (Aug 07)
- Re: rules for system compromise only. lists (Aug 07)