[Snort-users] philosophical question

RR rehmanr at ...6488...
Wed Jul 31 08:26:05 EDT 2002

I would say yes. That is a good starting point. However you may need to
write your own rules as well for some specific things that you want to
monitor. Remember, pre-defined rules don't do "everything".


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Eduard San
Sent: Wednesday, July 31, 2002 11:00 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] philosophical question

I've just installed snort and everything seems to work fine. Too fine, I
would say: my sensor is informing of many alerts that aren't so, I mean,
there are lots of false positives that I'm supposed to tune. That's my
question: what does tuning mean? The way I see it is that I have to look
at the alerts and change some things in the rules that triggered those
alerts, so they won't bother me again. Is that a good point of view?
Thank you.

This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list