[Snort-users] Snort and AI

DFIRob rd.seclists at gmail.com
Thu Nov 2 16:14:59 EDT 2017


Longer answer on why we're not doing your homework. Snort produces alerts
in a format easily digestible by databases, log parsers of any kind, and
even non-artificial intelligence; that's what SOC monkeys are doing all day
;)

Any ML algo can do its stuff from there on, and tell you it's all guacamole
in the end. There is nothing specific to Snort output in this case, and
it's out of scope of the user's guide to tell you what to do with the
output of Snort.

A better question (asked elsewhere) would be how to apply an (AI|ML|UBA)
algo or tool to the specific task of (filtering out false positives|saving
analyst time by pointing out critical alerts|bringing context to
alerts|whatever). Please put more effort in your own understanding of your
question next time.

Rob'

On Thu, Nov 2, 2017 at 7:47 PM, Ale Fredes Hadad via Snort-users <
snort-users at lists.snort.org> wrote:

> I am only looking for the name of the tool (if there is any) and then I am
> going to research on my own. I am reading the user's guide and I can't
> find that.
>
> 2017-11-02 15:44 GMT-03:00 Joel Esler (jesler) <jesler at cisco.com>:
>
>> https://snort.org/faq/can-i-have-help-with-my-homework
>>
>>
>> *--*
>> *Joel Esler *| *Talos:* Manager | jesler at cisco.com
>>
>> On Nov 2, 2017, at 2:38 PM, Ale Fredes Hadad via Snort-users <
>> snort-users at lists.snort.org> wrote:
>>
>> Hello everyone!
>>
>> I am studying about Snort and I would like to ask if there is a software
>> tool that works with Snort and uses Artificial Intelligence techniques like
>> machine learning, neural networks and so on.
>> Thanks!
>>
>> Regrets,
>> Alexis Fredes
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.snort.org
>> Go to this URL to change user options or unsubscribe:
>> https://lists.snort.org/mailman/listinfo/snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
>>
>>
>>
>