[Snort-users] Re: vision.conf

Max Vision vision at ...4...
Wed Mar 28 20:16:34 EST 2001


Frank,

This is on the todo list, however it is redundant, as arachNIDS was meant
as a point of reference for intrusion events.  Each IDS record should have
(and in most cases already does have) references to CVE, BID, etc.

If a person is looking through their IDS logs and sees an attack, the most
relevant possible place they can go to read about the attack is arachNIDS.
It is specifically designed to give information about an intrusion event,
such as a plain English description of what the alert means, documentation
of false positives, and for those who need it, technical details about how
the signature was constructed. Other reference information, though
valuable, can just as easily be referenced from arachNIDS.

In other words, I plan to add reference tags, but I don't think it will be
used by the end users.

Max

On Wed, 28 Mar 2001, Frank Reid wrote:
> Max,
>
> Are there any plans to update the vision.conf rules sets to incorporate the
> new reference tags in the current Snort?  Thanks.
>
> Frank
>
>




