[Snort-users] rule database

Roeland Weve roeland at ...1415...
Wed Mar 14 05:56:06 EST 2001


I am working on a project to implement an IDS in our network.
First I had to figure out which IDS to use and where to put it in the
network.
That wasn't that difficult; I will probably use Snort with two interfaces,
great!

But now I'm having trouble with the rules database. When I finish
the project, almost everything must go automatically.
Two reasons: I will leave and nobody else has the time to maintain it
every day.

I can remove the non-important rules from the database and let Snort run
on a machine, and if there is a suspicious hack attempt,
the machine must warn somebody that an intruder is trying to hack (I'll
have to implement this; does anybody have any ideas on this point?).

How can I automatically add rules that are important enough to warn
somebody to the database?

I thought about it, but I think this is quite a difficult subject.

Thanks a lot,

Roeland





