[Snort-users] Now what?

Subba Rao subba9 at ...530...
Thu Sep 13 06:08:01 EDT 2001


It is a pure coincidence that this particular customer I am working
with, has seen the output of Snort alerts for the first time the day
after tragic events on Tuesday. Their physical security ratings
(in my books) went from a negative range to a close to 100%.
Their network security posture is also improving at very good
increments.

The Snort alerts were generated with the default rules set from 1.8.1
tree. I have listed Priority 10, 8 and 7 alerts for their review. They
are in a kind of worried now and want to know what to do next? I recommended
that they start discussing their policies (Yes, they do have them) and
start implementing them. It looks like I have to hold their hands and guide
them to implement their policies. How and where do I start to help
them implement their policies?

Any pointers and advice appreciated.

Thank you in advance.
-- 

Subba Rao
subba9 at ...530...
http://members.home.net/subba9/

GPG public key ID CCB7344E
Key fingerprint = A8DD 4CBA 1E9B D962 A55B  2B55 BAFE 92C5 CCB7 344E




More information about the Snort-users mailing list