[Snort-users] Correlation resources

Justin ginsbergj at ...11827...
Tue Oct 16 10:53:01 EDT 2012


Fellow Snorters,


Do you guys have any good web resources for how to correlate and research
events? As in, if one gets an event and wants to check a write-up on it,
what sites are best to use?
I've seen Google Groups, seclist.org and http://www.snortid.com, and while
sometimes I feel the write-ups answer my questions well, I sometimes feel as
if some sig IDs and events may not be documented as well as one would like.
Especially the ET sigs.

Is there anywhere that posts in-depth decode analysis of the PCAP files for
events that are triggered in IDS? 
Is there anywhere that has maybe an IDS diary (some nice snorter that has
documented what they have done to definitively know when to tune and when to
turn off rules)?
Are there any sites that post maybe a CVE/bug ID to signature correlation?

Thanks in advance,
Nitz.




