[Snort-users] Snort Configurations
greglane at ...14965...
Wed Sep 22 12:39:38 EDT 2010
I'm starting to learn how to tune my Snort install and it is a slow process.
I have alerts like crazy because I know it needs to be tuned and I
especially have a lot of http_inspect alerts coming up. I've been reading
and from what I can gather if you don't have a websever you may not really
need this in operation or am I wrong? If I am wrong then what is the best
possible solution for me to cut down most of the alerts which are false
positives so to speak or aren't dangerous at all? This will probably be one
of many questions concerning configs coming to an email box near you.
Email: greglane at ...14965...
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users