[Snort-users] [Emerging-Sigs] Reliability of signatures

Seth Hall seth at ...14966...
Fri Feb 11 11:45:39 EST 2011


On Feb 11, 2011, at 10:08 AM, Matt Olney wrote:

> There is not a better solution for detecting the delivery of exploits, that is the job of an IDS.  SPAM can lead you to an attack, or to a longer *****, but it isn't, in itself an attack.

I never claimed that it was an attack, I only responded to your statement that "spam isn't an IDS issue".

> I agree there is a ton of metadata on the network that is incredibly useful both for correlation and forensics (see intel nuggets on Razorback).  

What I've noticed though is that frequently tools don't make the right information available at the right time and the right place.  Where can I read more about what intel nuggets are?

  .Seth



More information about the Snort-users mailing list