This is a discussion on RE: [Snort-users] Preprocessors within the Snort forums, part of the System Security and Security Related category.
Check gen-msg.map in the Snort \etc directory for a list of the SIDs
from the preprocessors. I suppress a bunch of the HTTP preprocessor messages using threshold.

Bruce

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Rob Ward
Sent: Friday, April 07, 2006 6:06 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Preprocessors

I've also posted this on the forum so apologies for the cross posting. Can anyone offer some general advice on how to go about dealing with alerts generated by preprocessors? Alerts generated by rules seem to be easier to deal with as I can reference a specific vulnerability/exploit and take it from there.

Also I'm being swamped by http_inspect alerts and I'm pretty sure 99% if not more of these are false positives. How do you determine the gen/sig id of preprocessor alerts for thresholding?

Regards
Rob Ward
University of Liverpool
Computing Services Department

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...=snort-users
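
As an added example (not part of the original thread or of Snort itself): a Python script that parses gen-msg.map in its `generatorid || alertid || MSG` layout, picks out the http_inspect entries, and emits `suppress` and `threshold` lines for threshold.conf. The sample map text, the function names and the choice of which gen/sig pair to suppress are assumptions for illustration.

```python
import re

# Constructed sample in the gen-msg.map layout; real files are much longer.
SAMPLE_GEN_MSG_MAP = """\
# Format: generatorid || alertid || MSG
1 || 1 || snort general alert
116 || 1 || snort_decoder: Not IPv4 datagram!
119 || 1 || http_inspect: ASCII ENCODING
119 || 2 || http_inspect: DOUBLE DECODING ATTACK
119 || 4 || http_inspect: BARE BYTE UNICODE ENCODING
122 || 1 || portscan: TCP Portscan
"""

ENTRY = re.compile(r"^\s*(\d+)\s*\|\|\s*(\d+)\s*\|\|\s*(.+?)\s*$")

def parse_gen_msg_map(text):
    """Return (gen_id, sig_id, msg) tuples; comments and malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = ENTRY.match(line)
        if m:
            entries.append((int(m.group(1)), int(m.group(2)), m.group(3)))
    return entries

def find_alerts(entries, needle):
    """Case-insensitive search of the message text, e.g. 'http_inspect'."""
    return [e for e in entries if needle.lower() in e[2].lower()]

def threshold_lines(entries, noisy=frozenset(), seconds=60):
    """Suppress pairs listed in `noisy`; limit the rest to one alert per source per window."""
    out = []
    for gen, sig, msg in entries:
        out.append(f"# {msg}")
        if (gen, sig) in noisy:
            out.append(f"suppress gen_id {gen}, sig_id {sig}")
        else:
            out.append(f"threshold gen_id {gen}, sig_id {sig}, type limit, "
                       f"track by_src, count 1, seconds {seconds}")
    return out

if __name__ == "__main__":
    hits = find_alerts(parse_gen_msg_map(SAMPLE_GEN_MSG_MAP), "http_inspect")
    # Which pair counts as noisy is an assumption here; decide from your own alert data.
    print("\n".join(threshold_lines(hits, noisy={(119, 1)})))
```

Rate-limiting with `type limit` keeps one alert per source per window visible, so a pair is only fully suppressed once it has been confirmed as a false positive.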