Re: Any Good Books out there?

[Justin Pederson <jpedersm () gmail com>]

Thank you guys so far you all have been great.  Im not at work right now
but will check the scan_local option tomorrow.  Marcin your correct about
network logging being a form of art.  I know a forensic guy and when
talking to his specialist for netflow there really isn't anything out there
for in-depth explanation on things just high level stuff.

On Thu, Dec 1, 2016 at 5:18 PM, Joel Esler (jesler) <jesler () cisco com>
wrote:

> I can’t say that we haven’t been approached about writing a new one.
> Because we have.  However, there are only so many hours of the day.
>
> *--*
> *Joel Esler *| *Talos:* Manager | jesler () cisco com
>
>
>
>
>
>
> On Dec 1, 2016, at 5:49 PM, Marcin Dulak <marcin.dulak () gmail com> wrote:
>
> Hi,
>
> in my opinion the snort manual (we are talking about manual.snort.org)
> focuses
> on the technical details and does not provide a context of why snort does
> what it does. I can recommend two books that provide some context:
> - https://www.amazon.com/Applied-Network-Security-
> Monitoring-Collection/dp/0124172083 - short, less technical, a good place
> to start
> - https://www.amazon.com/Snort-Toolkit-Beales-Source-
> Security/dp/1597490997 - long, very old, but provides a lot of context
> and funny statements like
> "The actual code that parses the various options within Snort is scattered
> throughout the code base" on page 177 of the 2007 edition, or a mention of
> snort 3.0 on page 179!
>
> It's pretty outrageous that such a fundamental field as network monitoring
> is still considered an art and there are no readily available materials.
>
> Marcin
>
> On Thu, Dec 1, 2016 at 7:23 PM, Justin Pederson <jpedersm () gmail com>
> wrote:
>
> > I'm just getting into snort.  While there is allot of information out
> > there on snort, allot of it is not strait forward.  If I am looking for a
> > book to get up to speed on they system.  By chance does anyone know of any
> > good books to read?
> >
> > ------------------------------------------------------------
> > ------------------
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot______
> _________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!