[Snort-users] Books, URLS, Info On Reading & Understanding Snort Alerts

Erek Adams erek at ...950...
Tue Jul 22 04:53:03 EDT 2003


On Mon, 21 Jul 2003, Steve Nutt wrote:

> I am trying to better understand how one would research and determine what
> is actually happening with the network alerts. I have snort and snortsnarf.
> I get activity but I don't have a clue about how to go about validating the
> actual alert. Does someone have a good site, book, magazine, class, user
> group etc. that will point me in the direction to acquire the knowledge to
> understand my alerts?
>
> I get an alert and GFI but spend hours reading about someone else's attempts
> to understand the same thing.

Check the "Required Reading" section of the FAQ [0].  #1.4  The 'IDS' book
section is what you really need to understand things.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]	http://www.snort.org/docs/FAQ.txt



