[Snort-users] Am I in the right place? (was: Tips for using ACID in a multi-adm in environment)

Matt Kettler mkettler at ...4108...
Thu May 29 13:51:07 EDT 2003

At 01:46 PM 5/29/2003 -0500, Williams Jon wrote:
>  apologize if this seems a bit troll-like, I don't intend it to be.  I
>posted this message a couple of weeks ago and got zero responses.
>  Since I don't get
>any response, I'm not sure if a) people are too concerned about their
>corporate security to share, b) are willing to share but are no longer on
>this particularl list, c) are willing to answer, but my situation is unique,
>or d) there's no answer to my problems.
>So, is there a better list for advanced snort issues and/or enterprise snort
>deployment questions?  If not, are there people on this list who've gone
>through these issues and don't want to discuss them in a public forum?

I'm definitely closest to C.. but in reality my case is "I'm willing to 
help, but I'm a single-analyst shop here, so I have zero experience with 
the issues you raise and don't feel I can contribute anything meaningful to 
help out".

I think what you're likely to find is that the "most willing to help" types 
are the hobbyist and small-shop users.

 From what I've seen, most enterprise level admins are severely bogged down 
and over-tasked. As such they aren't likely to have "spare time" available 
to answer questions and contribute back. Also being an open-source product 
that isn't sold in a box with a nice silver-pressed CD will prevent some 
enterprises from even considering using it in the first place...

So I suspect that there's a somewhat limited percentage of snort users that 
are at the "enterprise" level, and those that are, are also the ones that 
are not likely to have spare time..

As for being in the right place, this is the only mailing list I know of 
for generalized snort discussion, and I don't know of anyplace more 
appropriate for enterprise level discussion..  

More information about the Snort-users mailing list