[Snort-users] Books, URLS, Info On Reading & Understanding Snort Alerts

Erek Adams erek at ...950...
Tue Jul 22 04:53:03 EDT 2003

On Mon, 21 Jul 2003, Steve Nutt wrote:

> I am trying to better understand how one would research and determine what
> is actually happening with the network alerts. I have snort and snortsnarf.
> I get activity but I don't have a clue about how to go about validating the
> actual alert. Does someone have a good site, book, magazine, class, user
> group etc. that will point me in the direction to acquire the knowledge to
> understand my alerts?
> I get an alert and GFI but spend hours reading about someone else's attempts
> to understand the same thing.

Check the "Required Reading" section of the FAQ [0].  #1.4  The 'IDS' book
section is what you really need to understand things.


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0]	http://www.snort.org/docs/FAQ.txt
