[Snort-users] Reliability of signatures
hugh.fraser at ...15146...
Fri Feb 4 10:56:35 EST 2011
I like the idea of incorporating it into something the tools like
oinkmaster can pull down. I'm trying to make due with a small security
staff, and anything I can do that gets me closer to a hands-off
exception reporting system is a good thing. So if a reliability value is
available that I can incorporate into a risk calculation, that will
allow me to make better judgements about how to react.
So what needs to be done to make this happen?
From: Joel Esler [mailto:jesler at ...1935...]
Sent: Friday, February 04, 2011 10:33 AM
To: Martin Roesch
Cc: Jim Hranicky; snort-users at lists.sourceforge.net; Fraser, Hugh
Subject: Re: [Snort-users] Reliability of signatures
On Fri, Feb 4, 2011 at 10:23 AM, Martin Roesch <roesch at ...1935...>
On Fri, Feb 4, 2011 at 10:16 AM, Jim Hranicky <jfh at ...5250...>
> On Fri, 4 Feb 2011 09:13:12 -0600
> Martin Holste <mcholste at ...11827...> wrote:
>> > Seems like there'd almost need to be a central place that
>> > entities could report their findings. I know we've got
rules that we
>> > rely on heavily and work very well for us, but other than
>> > there's no place to report our findings.
>> Hm, you mean like a vote up/down system like
>> could be really interesting. It would be very valuable to
>> others are finding to be helpful.
> Sure, something like that - that would actually be very cool.
I like that idea too. It'd make a lot of sense to integrate it
snort.org - in fact there's probably a lot of data about Snort
detection performance, config options and rule quality we could
there. Communication favors the defender...
I would think it would need to have some kind of automatic reporting
method, perhaps with manual commenting?
Joel Esler | 706-231-1451 | http://blog.snort.org |
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users