[Snort-users] Books, URLS, Info On Reading & Understanding Snort Alerts
erek at ...950...
Tue Jul 22 04:53:03 EDT 2003
On Mon, 21 Jul 2003, Steve Nutt wrote:
> I am trying to better understand how one would research and determine what
> is actually happening with the network alerts. I have snort and snortsnarf.
> I get activity but I don't have a clue about how to go about validating the
> actual alert. Does someone have a good site, book, magazine, class, user
> group etc. that will point me in the direction to acquire the knowledge to
> understand my alerts.
> I get an alert and GFI but spend hours reading about someone else's attempts
> to understand the same thing.
Check the "Required Reading" section of the FAQ . #1.4 The 'IDS' book
section is what you really need to understand things.
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users