Snort mailing list archives
Too much of snort events
From: "Oleg Makarov" <oamakarov () platbox com>
Date: Thu, 12 May 2016 11:26:25 +0000
Hi guys! Please give me some advice; sorry, I'm a newbie here. I have Snort + Barnyard2 + PulledPork + Aanval (as a web SIEM). It works correctly. I found a lot of alerts with gen_id 129, sig_id 12 and gen_id 129, sig_id 4 and suppressed them (they're not informative). I found them in Aanval, and it's trying to upload the whole MySQL DB. But there are still too many alerts: ~30 events per second, which is nearly 800k events per day.
How can I better understand what is generating the events? Thanks.