[Snort-users] General Snort Help!
erek at ...950...
Tue Jan 21 19:06:03 EST 2003
On Tue, 21 Jan 2003, Lorraine Cannavale wrote:
> Hello, I am very new at the whole Intrusion Detection Process and especially
> There is a network administrator here that has installed an IDS utilizing
> Snort, etc., and is responsible for maintaining the system.
> I was hired by the Security Administrator to help monitor the alerts on a
> daily basis, analyze the data, and help reduce the false positives.
> So, I have the easy job, but I'm having major difficulties understanding
> what the alerts actually mean and deciphering what is a false positive, true
> intrusion, or just an informational alert. I have read the Snort user
> manual, understand how to read the rules, and have found some information on
> the alerts, but it is still confusing to me.
> Can anyone recommend additional resources that would help me (books, on-line
> manuals, or web sites)?
> I've read emails from the Snort mailing list and this all seems to make a
> lot of sense to everyone else; I'm curious how you all obtained your
> knowledge and if there is anything you can share with me!?
In my opinion, in order of need/usefulness:
TCP/IP Illustrated, Volume 1: The Protocols by W. Richard Stevens
Network Intrusion Detection: An Analyst's Handbook by Stephen Northcutt
Intrusion Signatures and Analysis by Stephen Northcutt
Intrusion Detection by Rebecca G. Bace
The rest.... Well, just get on a .edu network and learn. ;-)
Hope that's of some help!
"When things get weird, the weird turn pro." H.S. Thompson
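A first pass at the "analyze the data and reduce the false positives" job described in the question, as an added example that is not part of the original thread or of Snort itself: it parses Snort 2.x alert_fast output lines, counts hits per rule, and flags rules whose hits come almost entirely from one internal host as tuning candidates, emitting threshold.conf `suppress` lines for review. The sample alert lines, the site address ranges, the minimum count and dominance threshold, and the heuristic itself are all assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Layout of a Snort 2.x "alert_fast" line (the year is absent unless Snort runs
# with -y). Ports are optional because ICMP alerts carry none.
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample lines, not a real capture: the SIDs are stock rule ids,
# the addresses and timestamps are made up. The last line is deliberately junk.
CLS = "[Classification: Attempted Information Leak] [Priority: 2]"
SAMPLE_ALERTS = [
    "01/21-19:06:03.123456  [**] [1:1201:7] ATTACK-RESPONSES 403 Forbidden [**] " + CLS + " {TCP} 192.168.1.10:80 -> 10.0.0.5:33012",
    "01/21-19:06:05.000010  [**] [1:1201:7] ATTACK-RESPONSES 403 Forbidden [**] " + CLS + " {TCP} 192.168.1.10:80 -> 10.0.0.6:40211",
    "01/21-19:06:09.220000  [**] [1:1201:7] ATTACK-RESPONSES 403 Forbidden [**] " + CLS + " {TCP} 192.168.1.10:80 -> 10.0.0.7:40212",
    "01/21-19:06:15.770000  [**] [1:1201:7] ATTACK-RESPONSES 403 Forbidden [**] " + CLS + " {TCP} 192.168.1.10:80 -> 10.0.0.8:40213",
    "01/21-19:06:40.500000  [**] [1:1407:9] SNMP trap udp [**] " + CLS + " {UDP} 10.1.1.1:1024 -> 10.1.1.2:162",
    "01/21-19:07:10.000001  [**] [1:469:3] ICMP PING NMAP [**] " + CLS + " {ICMP} 203.0.113.9 -> 192.168.1.10",
    "01/21-19:07:10.000987  [**] [1:469:3] ICMP PING NMAP [**] " + CLS + " {ICMP} 203.0.113.9 -> 192.168.1.11",
    "Jan 21 19:07:11 sensor snort[4242]: not an alert line, must be skipped",
]

# Assumed address ranges of the monitored site (an assumption for the example).
INTERNAL_NETS = [ip_network("192.168.0.0/16"), ip_network("10.0.0.0/8")]


def parse_alert(line):
    """Return a dict of the alert's fields, or None if the line is not fast-format."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    for k in ("gid", "sid", "rev", "prio"):
        a[k] = int(a[k])
    for k in ("sport", "dport"):
        a[k] = int(a[k]) if a[k] is not None else None
    return a


def parse_alerts(lines):
    """Parse every line, dropping anything that is not an alert line."""
    return [a for a in map(parse_alert, lines) if a is not None]


def count_by_rule(alerts):
    """Alert volume per (gid, sid): the first thing to look at each morning."""
    return Counter((a["gid"], a["sid"]) for a in alerts)


def is_internal(ip, nets):
    addr = ip_address(ip)
    return any(addr in n for n in nets)


def tuning_candidates(alerts, internal_nets, min_count=3, dominance=0.75):
    """Heuristic: a rule that fires at least min_count times with >= dominance of
    the hits from one internal source is usually a noisy host or a rule that
    needs a threshold, not an intrusion. It is a triage hint, not a verdict."""
    by_rule = defaultdict(list)
    for a in alerts:
        by_rule[(a["gid"], a["sid"])].append(a)
    out = []
    for (gid, sid), group in sorted(by_rule.items()):
        if len(group) < min_count:
            continue
        src, n = Counter(a["src"] for a in group).most_common(1)[0]
        if n / len(group) >= dominance and is_internal(src, internal_nets):
            out.append({"gid": gid, "sid": sid, "msg": group[0]["msg"],
                        "src": src, "count": n, "total": len(group)})
    return out


def suggest_suppressions(candidates):
    """Emit threshold.conf 'suppress' lines for human review (Snort 2.x syntax)."""
    return ["suppress gen_id %d, sig_id %d, track by_src, ip %s" % (c["gid"], c["sid"], c["src"])
            for c in candidates]


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    for (gid, sid), n in count_by_rule(alerts).most_common():
        print("%d:%d  %d alerts" % (gid, sid, n))
    cands = tuning_candidates(alerts, INTERNAL_NETS)
    for c in cands:
        print("review: %s from %s (%d/%d hits)" % (c["msg"], c["src"], c["count"], c["total"]))
    print("\n".join(suggest_suppressions(cands)))
```

The generated `suppress` lines are a starting point for a conversation with the administrator, not something to paste into threshold.conf unseen: an internal host dominating a rule's hits is the classic false-positive shape (here a web server answering with 403s trips the "attack response" rule), but it is also what a compromised host looks like, so confirm what the host is doing before silencing it, and prefer a `threshold` (rate limit) over a blanket `suppress` when the rule still has value for other sources.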