[Snort-users] General Snort Help!

larc larc at ...1187...
Wed Jan 22 02:39:08 EST 2003


Like others mentioned, there are books, but there is also another way that I prefer.
Take the 'Track 3: Intrusion Detection In-Depth' training from the SANS Institute and you will hear all you ever wanted to know from some of the best IDS analysts.

Stefan D.

------------------------
 Lorraine Cannavale <LCannavale at ...8048...> wrote:
------------------------
>Hello, I am very new at the whole Intrusion Detection Process and especially
>snort.
>There is a network administrator here that has installed an IDS utilizing
>snort, etc and is responsible for maintaining the system.
>I was hired by the Security Administrator to help monitor the alerts on a
>daily basis, analyze the data, and help reduce the false positives.
>So, I have the easy job, but I'm having major difficulties understanding
>what the alerts actually mean and deciphering what is a false positive, true
>intrusion, or just an informational alert.  I have read the Snort user
>manual, understand how to read the rules, and have found some information on
>the alerts, but it is still confusing to me.
> 
>Can anyone recommend additional resources that would help me (books, on-line
>manuals, or web sites)?
>I've read emails from the Snort mailing list and this all seems to make a
>lot of sense to everyone else, I'm curious how you all obtained your
>knowledge and if there is anything you can share with me!?
> 
>I apologize in advance if this is not the correct list for the question.
>Any help or advice would be greatly appreciated.
> 
>Thank you so much!
>Lorraine 
>(lcannavale at ...8048...)
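The question above is about telling a noisy rule from a real intrusion when reading Snort alerts. As an added example (not part of this thread and not Snort's own code), the Python below parses Snort's "fast" alert output, groups hits by rule, and sorts each rule into a first-pass bucket. The sample alert lines, SIDs, messages and addresses are constructed, the 10.0.0.0/8 "internal" range is an assumption to be replaced with your own HOME_NET, and the bucket heuristic is a starting point for tuning, not a verdict on any alert.

```python
import ipaddress
import re

# Constructed sample of Snort "fast" alert lines (alert_fast / snort -A fast).
# All SIDs, messages and addresses here are invented for the example.
SAMPLE_ALERTS = """\
01/22-02:31:10.112233  [**] [1:1000001:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.1.1.5 -> 10.1.2.20
01/22-02:31:11.223344  [**] [1:1000001:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.1.1.5 -> 10.1.2.21
01/22-02:31:12.334455  [**] [1:1000001:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.1.1.5 -> 10.1.2.22
01/22-02:32:01.445566  [**] [1:1000002:2] WEB-MISC /etc/passwd [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.9:41022 -> 10.1.2.80:80
01/22-02:35:40.556677  [**] [1:1000003:1] SNMP public access udp [**] [Priority: 3] {UDP} 10.1.1.7:1030 -> 10.1.2.30:161
01/22-02:35:41.667788  [**] [1:1000003:1] SNMP public access udp [**] [Priority: 3] {UDP} 10.1.1.8:1031 -> 10.1.2.30:161
"""

# Assumed address space of the monitored site; replace with your own HOME_NET.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# One fast-format line: timestamp, [gid:sid:rev], message, optional
# classification, priority, protocol, source -> destination.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"  # absent when the rule has no classtype
    r"\[Priority:\s*(?P<pri>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[^\s:]+)(?::(?P<sport>\d+))?\s+->\s+"  # ports are absent for ICMP
    r"(?P<dst>[^\s:]+)(?::(?P<dport>\d+))?\s*$"
)


def parse_fast_alerts(text):
    """Parse fast-format lines into dicts; non-matching lines are returned, not dropped."""
    parsed, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FAST_ALERT_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        alert = m.groupdict()
        alert["pri"] = int(alert["pri"])
        parsed.append(alert)
    return parsed, unparsed


def summarize_by_rule(alerts):
    """Group alerts by gid:sid with hit count and distinct source/destination hosts."""
    summary = {}
    for a in alerts:
        key = f"{a['gid']}:{a['sid']}"
        entry = summary.setdefault(
            key, {"msg": a["msg"], "priority": a["pri"], "count": 0, "sources": set(), "dests": set()}
        )
        entry["count"] += 1
        entry["sources"].add(a["src"])
        entry["dests"].add(a["dst"])
    return summary


def is_internal(host, internal_nets):
    return any(ipaddress.ip_address(host) in net for net in internal_nets)


def triage_bucket(entry, internal_nets):
    """Assumed first-pass heuristic: an external source tripping a priority-1 rule is
    looked at first; one internal host hitting many targets on one rule is usually a
    scanner or monitoring box and a candidate for tuning; everything else needs a look."""
    all_internal = all(is_internal(s, internal_nets) for s in entry["sources"])
    if not all_internal and entry["priority"] == 1:
        return "investigate"
    if all_internal and len(entry["sources"]) == 1 and len(entry["dests"]) > 1:
        return "tune-candidate"
    return "review"


def triage(text, internal_nets=INTERNAL_NETS):
    """Return (bucket per rule, per-rule summary, lines that did not parse)."""
    alerts, unparsed = parse_fast_alerts(text)
    summary = summarize_by_rule(alerts)
    buckets = {key: triage_bucket(entry, internal_nets) for key, entry in summary.items()}
    return buckets, summary, unparsed


if __name__ == "__main__":
    buckets, summary, unparsed = triage(SAMPLE_ALERTS)
    for key, entry in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{buckets[key]:<15} {key:<12} hits={entry['count']:<3} "
              f"sources={len(entry['sources'])} dests={len(entry['dests'])}  {entry['msg']}")
    if unparsed:
        print(f"{len(unparsed)} line(s) did not match the fast-alert format")
```

Run it against a real alert file (`snort -A fast` writes one line per alert) and look at the rules with the highest hit counts first: a rule firing thousands of times from one internal address is almost always a tuning problem, while a low-volume priority-1 hit from outside is where the manual analysis time should go. The unparsed list is kept on purpose so a format change in a Snort upgrade shows up as a count instead of as missing alerts.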