[Snort-users] Making Snort Rules More "Sensitive"

Rich Lichvar rlichvar at ...9486...
Tue Jun 17 08:28:10 EDT 2003


1. I'm a Snort (and pretty much Linux/Unix) newbie. Just getting back into
this after several months hiatus.

2. We got dinged in a security audit last year about our IDS rules (Snort)
not being "sensitive enough" and were told we needed to raise (lower?) the
sensitivity thresholds. Okay, if some one can tell me where to start looking
to accomplish this, I'd really appreciate the help.

Richard L. Lichvar
Director, Operations
Knowledge Resource Center, Inc.
Phone: 703-848-2100 x228
Fax: 703-848-4747
Mobile: 571-221-3430





More information about the Snort-users mailing list