[Snort-users] newbq: snort working, getting hits, got sig id's. What now?
wkitty42 at ...14940...
Sat Dec 1 11:35:18 EST 2012
On 11/30/2012 23:31, Tony Robinson wrote:
> you did the easy part in setting up your IDS, the hard part is making
> determinations based on what you know.
and getting this far and really digging into the traffic that snort brings to
attention will further enhance one's networking knowledge :)
> some things to make it easier:
> if the rule is a vrt rule, the file opensource.gz on snort.org while massive.
> has documentation on a boatload of rules they have released. additionally the
> rule search on snort.org can give you good information as well:
definitely... and uncle google can also point to a world of information ;)
More information about the Snort-users