Snort mailing list archives
Analysing captured SNORT data
From: Michelle Shawcross <Michelle.Shawcross () mornpen vic gov au>
Date: Tue, 13 Sep 2016 06:44:56 +0000
Ok, so I've done the "easy" bit and managed to get SNORT working on a Windows 2012 R2 VM with port mirroring and it's happily firing off a whole lot of alerts to my syslog server... now for the hard part... how the heck do I whittle it down to get just the important stuff?

I've done a bit of research and found a product called ACID for analysis of IDS data but it doesn't look current anymore. Unfortunately I've no hacking experience and very little idea of what we should be looking for. If anyone could give me some pointers on where to start that would be most appreciated.

Cheers!
Michelle