[Snort-users] Snort Sensors do not appear to be detecting what they should
Jacobi, Michael W CIV NSWCCD Philadelphia, 10432
michael.jacobi1 at ...7622...
Wed Mar 11 14:42:41 EDT 2015
I have been recently asked to start working with the Snort installation at my site (Snort 18.104.22.168, Barnyard, BASE). Based on what alerts I am seeing, I feel that the system is not detecting what is should be finding. For example the sensor that is facing my ISP has less than 20 detects in the last few days, and I am seeing events on sensors that I know should be passing by other sensors but I do not see an correlation in the detects between the sensors.
I have had prior IDS experience, but I just started attempting to work with Snort. I would appreciate what help you can give me to work to making this system more functional. Pointers to FAQs and other online resources are always helpful.
More information about the Snort-users