[Snort-users] philosophical question

RR rehmanr at ...6488...
Wed Jul 31 08:26:05 EDT 2002


I would say yes. That is a good starting point. However you may need to
write your own rules as well for some specific things that you want to
monitor. Remember, pre-defined rules don't do "everything".

HTH

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Eduard San
Anselmo
Sent: Wednesday, July 31, 2002 11:00 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] philosophical question


I've just installed snort and everything seems to work fine. Too fine, I
would say: my sensor is informing of many alerts that aren't so, I mean,
there are lots of false positives that I'm supposed to tune. That's my
question: what does tuning mean? The way I see it is that I have to look
at the alerts and change some things in the rules that triggered those
alerts, so they won't bother me again. Is that a good point of view?
Thank you.



-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list