[Snort-sigs] Bases for writing snort rules

Guy Martial Nkenne Tchassi nkennetguy at ...2420...
Tue Jun 4 08:02:25 EDT 2013


Thanks for your reaction, but I'm still not understanding the criteria on
which snort rules currently released on snort.org are written.
The purpose for this question is to know how to obtain the description of
well-known intrusions in order to get a clearer definition of what is an
'intrusion'.

Please help me understand better.


2013/5/16 lists at ...3397... <lists at ...3397...>

> On 05/16/2013 07:34 AM, Guy Martial Nkenne Tchassi wrote:
> > Then for each threat, there is a
> > sort of predefined set of actions that can be undertaken to eliminate the
> > threats.
>
> The 'References' section of the individual signatures is a good place to
> apply some context around the particular signature and potential remediation
> options. That being said, the references are not comprehensive nor are they a
> road-map to full remediation. I'm unaware of any database that provides a
> mapping of snort signatures to incident severity to remediation/mitigation
> methods. As I understand it this task is the responsibility of the IDS analyst
> and is actually one of the core roles I believe an analyst should be capable
> of performing. Remediation options and mitigation approaches will also vary
> based on organizational risk assessment, LOB impact, etc.
>
> Should such an undertaking occur to develop such a data warehouse I see it is
> daunting with a high propensity to be incomplete and unable to address the
> niche needs of each organization.
>
> Cheers,
> Nathan
>
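The quoted reply points at the 'References' section of each signature as the place to start building context. As an added example (not code from the list or from the Snort project), here is a small parser that pulls sid, msg and reference options out of Snort rules and turns each reference into a lookup URL, so an analyst can see which rules carry context and which do not; the URL prefixes and the sample rules are constructed assumptions, not real ruleset content.

```python
import re

# Constructed URL prefixes in the spirit of Snort's reference.config; the values
# are assumptions, so adjust them to the reference.config your sensors ship with.
REF_PREFIXES = {
    "cve": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=",
    "bugtraq": "http://www.securityfocus.com/bid/",
    "url": "http://",
}

# Split the option block on ';' unless the ';' is escaped as '\;' inside a value.
OPTION_SPLIT_RE = re.compile(r"(?<!\\);")


def parse_rule(rule):
    """Parse one Snort rule; return its sid, msg and a list of (system, id, url)."""
    start, end = rule.find("("), rule.rfind(")")
    if start < 0 or end < start:
        raise ValueError("rule has no option block")
    info = {"sid": None, "msg": None, "references": []}
    for opt in OPTION_SPLIT_RE.split(rule[start + 1:end]):
        key, _, val = opt.strip().partition(":")
        key, val = key.strip(), val.strip()
        if key == "sid":
            info["sid"] = int(val)
        elif key == "msg":
            info["msg"] = val.strip('"')
        elif key == "reference":
            system, _, ident = val.partition(",")
            system, ident = system.strip().lower(), ident.strip()
            prefix = REF_PREFIXES.get(system)
            # Unknown reference systems are kept with no URL so they stay visible.
            info["references"].append((system, ident, prefix + ident if prefix else None))
    return info


def rules_without_references(rules):
    """Return sids of rules the analyst must contextualise with no reference at all."""
    return [parse_rule(r)["sid"] for r in rules if not parse_rule(r)["references"]]


# Constructed sample rules (not from any published ruleset); the CVE id is a placeholder.
SAMPLE_WITH_REFS = (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE constructed rule \\; sample"; '
    'flow:to_server,established; content:"GET"; reference:cve,0000-0000; '
    'reference:url,example.com/advisory; classtype:web-application-attack; sid:1000001; rev:1;)'
)
SAMPLE_NO_REFS = (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE constructed rule without refs"; '
    'flow:to_server,established; content:"SSH-"; sid:1000002; rev:1;)'
)

if __name__ == "__main__":
    print(parse_rule(SAMPLE_WITH_REFS))
    print("no references:", rules_without_references([SAMPLE_WITH_REFS, SAMPLE_NO_REFS]))
```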