[Snort-users] newbq: snort working, getting hits, got sig id's. What now?

waldo kitty wkitty42 at ...14940...
Sat Dec 1 11:35:18 EST 2012


On 11/30/2012 23:31, Tony Robinson wrote:
> you did the easy part in setting up your IDS, the hard part is making
> determinations based on what you know.

and getting this far and really digging into the traffic that snort brings to 
attention will further enhance one's networking knowledge :)

> some things to make it easier:
> if the rule is a vrt rule, the file opensource.gz on snort.org while massive.
> has documentation on a boatload of rules they have released. additionally the
> rule search on snort.org can give you good information as well:
> http://www.snort.org/search

definitely... and uncle google can also point to a world of information ;)




More information about the Snort-users mailing list