Snort mailing list archives

Analysing captured SNORT data


From: Michelle Shawcross <Michelle.Shawcross () mornpen vic gov au>
Date: Tue, 13 Sep 2016 06:44:56 +0000

Ok, so I've done the "easy" bit and managed to get SNORT working on a Windows 2012 R2 VM with port mirroring and it's 
happily firing off a whole lot of alerts to my syslog server... now for the hard part... how the heck do I whittle it 
down to get just the important stuff? I've done a bit of research and found a product called ACID for analysis of IDS 
data but it doesn't look current anymore. Unfortunately I've no hacking experience and very little idea of what we 
should be looking for. If anyone could give me some pointers on where to start that would be most appreciated.

Cheers!

Michelle

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net