Snort mailing list archives
Re: Reliability of signatures
From: Crusty Saint <saintcrusty () gmail com>
Date: Fri, 4 Feb 2011 17:12:13 +0100
For now a flag for false-pos and one for false-neg would be nice to have. Never mind digging into snort.org/search every time. 2011/2/4 Martin Roesch <roesch () sourcefire com>
On Fri, Feb 4, 2011 at 10:16 AM, Jim Hranicky <jfh () ufl edu> wrote:On Fri, 4 Feb 2011 09:13:12 -0600 Martin Holste <mcholste () gmail com> wrote:Seems like there'd almost need to be a central place that various entities could report their findings. I know we've got rules that we rely on heavily and work very well for us, but other than mailingliststhere's no place to report our findings.Hm, you mean like a vote up/down system like StackOverflow.com? That could be really interesting. It would be very valuable to see what others are finding to be helpful.Sure, something like that - that would actually be very cool.I like that idea too. It'd make a lot of sense to integrate it into snort.org - in fact there's probably a lot of data about Snort detection performance, config options and rule quality we could put up there. Communication favors the defender... Marty -- Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616 Sourcefire - Security for the Real World - http://www.sourcefire.com Snort: Open Source IDP - http://www.snort.org ------------------------------------------------------------------------------ The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world? http://p.sf.net/sfu/oracle-sfdevnlfb _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- - - - Security Engineer - Tags: Analyst Systems Security Linux Firewall Network Web Troubleshooting - If you think I deserve a rant, write me off-list
------------------------------------------------------------------------------ The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world? http://p.sf.net/sfu/oracle-sfdevnlfb
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Reliability of signatures, (continued)
- Re: Reliability of signatures waldo kitty (Feb 04)
- Re: Reliability of signatures waldo kitty (Feb 04)
- Re: Reliability of signatures Martin Holste (Feb 04)
- Re: Reliability of signatures Matthew Jonkman (Feb 04)
- Re: Reliability of signatures Crusty Saint (Feb 04)
- Re: Reliability of signatures Matthew Jonkman (Feb 04)
- Re: Reliability of signatures Fraser, Hugh (Feb 07)
- Re: Reliability of signatures Martin Holste (Feb 04)
- Re: Reliability of signatures Fraser, Hugh (Feb 07)
- Re: Reliability of signatures Michael Scheidell (Feb 04)
- Re: Reliability of signatures Crusty Saint (Feb 04)
- Re: Reliability of signatures Michael Scheidell (Feb 04)
- Re: Reliability of signatures Crusty Saint (Feb 04)
- Re: Reliability of signatures waldo kitty (Feb 04)
- Re: Reliability of signatures Fraser, Hugh (Feb 07)