[Snort-users] Whatever OS We Use

Frank Knobbe fknobbe at ...652...
Tue Mar 19 07:50:08 EST 2002


On Mon, 2002-03-18 at 09:48, Erickson Brent W KPWA wrote:
> [...]
> 1. Real time alerting (in many probes and attacks, Snort provides us an
> early enough warning to take action provided we are paying attention)
> 
> 2. Near real time or after action analysis. Give me the data content on
> that suspicious alert e-mail message that I just received.
> [...]
> 5. Snort logging all traffic for archive and analysis, two Snort
> sniffers streaming the data to 2 NICs on a terabyte server with direct
> crossover cables.
> [...]


Brent,

how do you sift through all the masses of data? How do you determine
what traffic to investigate? Have you guys at the Navy created some best
practice documents (outlining how to deal with the traffic volume) that
can be shared with the public?

Also, what supplemental IDSs are you using? (Is Shadow still used much?)

Regards,
Frank
