Snort mailing list archives

Re: Any Good Books out there?


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Thu, 1 Dec 2016 23:18:37 +0000

I can’t say that we haven’t been approached about writing a new one.  Because we have.  However, there are only so many 
hours of the day.

--
Joel Esler | Talos: Manager | jesler () cisco com






On Dec 1, 2016, at 5:49 PM, Marcin Dulak <marcin.dulak () gmail com> wrote:

Hi,

in my opinion the snort manual (we are talking about manual.snort.org) focuses on the technical details and does not provide a context of why snort does what it does. I can recommend two books that provide some context:
- https://www.amazon.com/Applied-Network-Security-Monitoring-Collection/dp/0124172083 - short, less technical, a good place to start
- https://www.amazon.com/Snort-Toolkit-Beales-Source-Security/dp/1597490997 - long, very old, but provides a lot of context and funny statements like "The actual code that parses the various options within Snort is scattered throughout the code base" on page 177 of the 2007 edition, or a mention of snort 3.0 on page 179!

It's pretty outrageous that such a fundamental field as network monitoring is still considered an art and there are no 
readily available materials.

Marcin

On Thu, Dec 1, 2016 at 7:23 PM, Justin Pederson <jpedersm () gmail com> wrote:
I'm just getting into snort.  While there is a lot of information out there on snort, a lot of it is not straightforward.  If I am looking for a book to get up to speed on the system, by chance does anyone know of any good books to read?

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

