[Snort-users] Am I in the right place? (was: Tips for using ACID in a multi-adm in environment)
mkettler at ...4108...
Thu May 29 13:51:07 EDT 2003
At 01:46 PM 5/29/2003 -0500, Williams Jon wrote:
> apologize if this seems a bit troll-like, I don't intend it to be. I
>posted this message a couple of weeks ago and got zero responses.
> Since I don't get
>any response, I'm not sure if a) people are too concerned about their
>corporate security to share, b) are willing to share but are no longer on
>this particularl list, c) are willing to answer, but my situation is unique,
>or d) there's no answer to my problems.
>So, is there a better list for advanced snort issues and/or enterprise snort
>deployment questions? If not, are there people on this list who've gone
>through these issues and don't want to discuss them in a public forum?
I'm definitely closest to C.. but in reality my case is "I'm willing to
help, but I'm a single-analyst shop here, so I have zero experience with
the issues you raise and don't feel I can contribute anything meaningful to
I think what you're likely to find is that the "most willing to help" types
are the hobbyist and small-shop users.
From what I've seen, most enterprise level admins are severely bogged down
and over-tasked. As such they aren't likely to have "spare time" available
to answer questions and contribute back. Also being an open-source product
that isn't sold in a box with a nice silver-pressed CD will prevent some
enterprises from even considering using it in the first place...
So I suspect that there's a somewhat limited percentage of snort users that
are at the "enterprise" level, and those that are, are also the ones that
are not likely to have spare time..
As for being in the right place, this is the only mailing list I know of
for generalized snort discussion, and I don't know of anyplace more
appropriate for enterprise level discussion..
More information about the Snort-users