[Snort-users] Whatever OS We Use
fknobbe at ...652...
Tue Mar 19 07:50:08 EST 2002
On Mon, 2002-03-18 at 09:48, Erickson Brent W KPWA wrote:
> 1. Real time alerting (in many probes and attacks, Snort provides us an
> early enough warning to take action provided we are paying attention)
> 2. Near real time or after action analysis. Give me the data content on
> that suspicious alert e-mail message that I just received.
> 5. Snort logging all traffic for archive and analysis, two Snort
> sniffers streaming the data to 2 NICs on a terabyte server with direct
> crossover cables.
How do you sift through all the masses of data? How do you determine
what traffic to investigate? Have you guys at the Navy created some best
practice documents (outlining how to deal with the traffic volume) that
can be shared with the public?
Also, what supplemental IDSs are you using? (Is Shadow still used much?)