[Snort-users] Any Good Books out there?

Marcin Dulak marcin.dulak at ...11827...
Thu Dec 1 17:58:45 EST 2016


There may be many reasons for not getting the alerts. You may be missing the
rules that will generate alerts.
You also need scan_local for the private IP range.

The reputation preprocessor configuration is explained nicely here:
http://sublimerobots.com/2015/12/the-snort-reputation-preprocessor/

Marcin

On Thu, Dec 1, 2016 at 11:04 PM, Justin Pederson <jpedersm at ...11827...> wrote:

> I just went through the Manual on the Reputation Preprocessor area and I am
> still having the same issues.  I created a text file called white.list.
> In the snort.conf file, on line 113, I have the variable listed correctly and
> verified it is called upon in line 511.  I am running Snort on Windows. Any
> idea why the IP is still in the alerts?
>
> File name is white.list  (location c:\Snort\Rules\)
> Line 113 var WHITE_LIST_PATH c:\Snort\Rules
> Line 511 $WHITE_LIST_PATH\white.list, \
>
>
> In the white.list I have the IP set up as:
> 192.168.70.5/32
>
> On Thu, Dec 1, 2016 at 2:36 PM, Joel Esler (jesler) <jesler at ...589...>
> wrote:
>
>> Also http://www.snort.org/faq
>>
>> I’ve been adding documents in here more frequently lately, and would love
>> to add more.
>>
>> *--*
>> *Joel Esler *| *Talos:* Manager | jesler at ...589...
>>
>> On Dec 1, 2016, at 3:35 PM, Luke Ager <luke.ager at ...14399...> wrote:
>>
>> Agree with the snort manual posts.
>> The art of network security monitoring is also worth a read.
>>
>> Sent from my iPhone
>>
>> On 1 Dec 2016, at 20:32, Joel Esler (jesler) <jesler at ...589...> wrote:
>>
>> Albert is right.
>>
>> Also, manual.snort.org is a bit easier to remember.
>>
>> *--*
>> *Joel Esler *| *Talos:* Manager | jesler at ...589...
>>
>> On Dec 1, 2016, at 2:00 PM, Al Lewis (allewi) <allewi at ...589...> wrote:
>>
>> Hello Justin,
>>
>> The best “book” would be the snort manual in my opinion. This will give
>> you the most information that is updated and maintained by the developers.
>>
>> If you go through a section of the manual (and don’t understand it)
>> please feel free to post whatever question no matter how big or small.
>>
>> We will be glad to help you out and get you pointed in the right
>> direction.
>>
>> The snort manual can be found in the snort download (in the doc
>> directory) from www.snort.org and also online here:
>> http://manual-snort-org.s3-website-us-east-1.amazonaws.com/
>>
>>
>> Thanks!
>>
>> *Albert Lewis*
>> ENGINEER.SOFTWARE ENGINEERING
>> SOURCE*fire*, Inc. now part of *Cisco*
>> Email: allewi at ...589...
>>
>> From: Justin Pederson <jpedersm at ...11827...>
>> Date: Thursday, December 1, 2016 at 1:23 PM
>> To: 'snort-users' <snort-users at lists.sourceforge.net>
>> Subject: [Snort-users] Any Good Books out there?
>>
>> I'm just getting into Snort.  While there is a lot of information out
>> there on Snort, a lot of it is not straightforward.  I am looking for a
>> book to get up to speed on the system.  By chance does anyone know of any
>> good books to read?
>> ------------------------------------------------------------
>> ------------------
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>
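
Added example, not part of the original thread: a small Python check for the scan_local point made in the top reply. It parses a constructed snort.conf fragment modelled on the values quoted above and reports whitelist or blacklist entries in RFC 1918 space when scan_local is absent; the function names and the in-memory `lists` map are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample, modelled on the values quoted in the thread.
SAMPLE_CONF = r"""
var WHITE_LIST_PATH c:\Snort\Rules
preprocessor reputation: \
   memcap 500, \
   priority whitelist, \
   whitelist $WHITE_LIST_PATH\white.list
"""
# Hypothetical in-memory stand-in for the list files on disk.
SAMPLE_LISTS = {r"c:\Snort\Rules\white.list": "192.168.70.5/32\n"}
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def reputation_options(conf):
    """Return (variables, options); options is None if reputation is absent."""
    logical = re.sub(r"\\[ \t]*\r?\n", " ", conf)  # join continued lines
    variables, options = {}, None
    for line in map(str.strip, logical.splitlines()):
        m = re.match(r"var\s+(\S+)\s+(.+)", line)
        if m:
            variables[m.group(1)] = m.group(2).strip()
        elif line.startswith("preprocessor reputation:"):
            options = [o.strip() for o in line.split(":", 1)[1].split(",")]
    return variables, options

def check(conf, lists):
    """List the reasons a whitelist/blacklist entry would not be looked up."""
    variables, options = reputation_options(conf)
    if options is None:
        return ["reputation preprocessor is not configured"]
    findings = []
    for opt in options:
        kind, _, path = opt.partition(" ")
        if kind not in ("whitelist", "blacklist"):
            continue
        # Expand $VAR references using the var definitions found above.
        path = re.sub(r"\$(\w+)", lambda m: variables.get(m.group(1), m.group(0)), path.strip())
        if path not in lists:
            findings.append(f"{kind} file not found: {path}")
            continue
        entries = (l.split("#", 1)[0].strip() for l in lists[path].splitlines())
        for entry in filter(None, entries):
            net = ipaddress.ip_network(entry, strict=False)
            local = net.version == 4 and any(net.subnet_of(r) for r in RFC1918)
            if local and "scan_local" not in options:
                findings.append(f"{entry} ({kind}) is RFC 1918; add scan_local")
    return findings
```

On a real sensor, build the `lists` map by reading the files the configuration names.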