Snort mailing list archives

Re: Couple of questions.


From: Jeremy Hoel <jthoel () gmail com>
Date: Mon, 9 Jun 2014 18:26:58 -0400

A Nessus scan may or may not trigger alerts depending on the plugins you
used to scan, the services you have listening and any firewalls or iptables
rules that might be in place.  Which interface you have Snort listening on
is a matter of preference and what you are hoping to see/alert on.  If it's
your gateway doing NAT and you monitor the WAN interface, you won't get the
client IPs that might be sending out bad things, or the client IPs that
bad things talk to.  If you watch just the inside and it's secure then it
might be boring.

In either case, you will have to do rule filtering, adjusting and
whitelisting/thresholds of things you don't want to see, alerts you don't care
about or machines that are false positives.  Snort is not just a
turn-it-on-and-go thing.  The fact that you see alerts means it's working; now it's up
to you to figure out what type of alerts you want to see and from where.
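
Added example, not part of the original post: a short Python script that tallies alerts in Snort's fast-alert format by signature and source address and prints `suppress` lines for an analyst to review. The log lines, SIDs and addresses are constructed, and `min_hits` is an assumed cutoff.

```python
import re
from collections import Counter

# Constructed sample in Snort's alert_fast format (SIDs and IPs are made up).
SAMPLE = """\
06/09-18:20:01.100000  [**] [1:1000001:1] Constructed scan alert [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.50:40001 -> 192.168.1.1:80
06/09-18:20:01.200000  [**] [1:1000001:1] Constructed scan alert [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.50:40002 -> 192.168.1.1:443
06/09-18:20:01.300000  [**] [1:1000001:1] Constructed scan alert [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.50:40003 -> 192.168.1.1:22
06/09-18:20:01.400000  [**] [1:1000001:1] Constructed scan alert [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.50:40004 -> 192.168.1.1:25
06/09-18:21:10.000000  [**] [1:1000002:2] Constructed ICMP alert [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.77 -> 192.168.1.1
this line is not an alert and is skipped
"""

# [gid:sid:rev] msg ... {PROTO} src[:port] -> dst[:port]; ICMP lines carry no ports.
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
FAST = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>[^}]+)\}\s+(?P<src>" + IP + r")(?::\d+)?\s+->\s+"
    r"(?P<dst>" + IP + r")(?::\d+)?\s*$"
)

def tally(log_text):
    """Count alerts per (gid, sid, source IP); lines that do not parse are skipped."""
    counts, msgs = Counter(), {}
    for line in log_text.splitlines():
        m = FAST.search(line)
        if not m:
            continue
        key = (int(m["gid"]), int(m["sid"]), m["src"])
        counts[key] += 1
        msgs[key[:2]] = m["msg"]
    return counts, msgs

def suppress_candidates(log_text, min_hits=3):
    """Return suppress lines for noisy (signature, source) pairs, for review only.

    Tracking by source is only meaningful where the sensor sees real client
    addresses; on the WAN side of a NAT gateway every client shares one IP.
    """
    counts, msgs = tally(log_text)
    return [
        f"# {n} hits: {msgs[(gid, sid)]}\n"
        f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {src}"
        for (gid, sid, src), n in counts.most_common() if n >= min_hits
    ]

if __name__ == "__main__":
    print("\n".join(suppress_candidates(SAMPLE)))
```

Each printed line is a candidate for threshold.conf; whether a source is a known scanner or a false positive is still a decision for whoever reads the alerts.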