[Snort-users] Any Good Books out there?

Joel Esler (jesler) jesler at ...589...
Thu Dec 1 18:18:37 EST 2016


I can’t say that we haven’t been approached about writing a new one.  Because we have.  However, there are only so many hours of the day.

--
Joel Esler | Talos: Manager | jesler at ...589...






On Dec 1, 2016, at 5:49 PM, Marcin Dulak <marcin.dulak at ...11827...> wrote:

Hi,

in my opinion the snort manual (we are talking about manual.snort.org) focuses
on the technical details and does not provide a context of why snort does what it does. I can recommend two books that provide some context:
- https://www.amazon.com/Applied-Network-Security-Monitoring-Collection/dp/0124172083 - short, less technical, a good place to start
- https://www.amazon.com/Snort-Toolkit-Beales-Source-Security/dp/1597490997 - long, very old, but provides a lot of context and funny statements like
"The actual code that parses the various options within Snort is scattered throughout the code base" on page 177 of the 2007 edition, or a mention of snort 3.0 on page 179!

It's pretty outrageous that such a fundamental field as network monitoring is still considered an art and there are no readily available materials.

Marcin

On Thu, Dec 1, 2016 at 7:23 PM, Justin Pederson <jpedersm at ...11827...> wrote:
I'm just getting into snort.  While there is a lot of information out there on snort, a lot of it is not straightforward.  If I am looking for a book to get up to speed on the system, by chance does anyone know of any good books to read?

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

