[Snort-users] [Emerging-Sigs] Reliability of signatures
molney at ...1935...
Fri Feb 11 11:54:22 EST 2011
Here is the whitepaper for the Razorback project:
Snort has the razorback module included so it can feed intel data to the
Razorback system. System is still exceptionally alpha, so YMMV.
On Fri, Feb 11, 2011 at 11:45 AM, Seth Hall <seth at ...14966...> wrote:
> On Feb 11, 2011, at 10:08 AM, Matt Olney wrote:
> > There is not a better solution for detecting the delivery of exploits,
> > that is the job of an IDS. SPAM can lead you to an attack, or to a longer
> > *****, but it isn't, in itself, an attack.
> I never claimed that it was an attack, I only responded to your statement
> that "spam isn't an IDS issue".
> > I agree there is a ton of metadata on the network that is incredibly
> > useful both for correlation and forensics (see intel nuggets on Razorback).
> What I've noticed though is that frequently tools don't make the right
> information available at the right time and the right place. Where can I
> read more about what intel nuggets are?