[Snort-users] Snort / Alert Management Best Practices
This is a discussion on [Snort-users] Snort / Alert Management Best Practices within the Snort forums, part of the System Security and Security Related category; Interesting that I did not receive a response to my question as to what may be some good best practice ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-19-2006
|
|||
|
|||
[Snort-users] Snort / Alert Management Best Practices
Interesting that I did not receive a response to my question as to what may
be some good best practice references as to the daily use of snort. Is everyone just monitoring ad-hoc? Or are you just consistently fine tuning the rules so only events that require action are shown? What do you tell you auditors are your IDS response procedures? Perhaps some answers will come as I continue to prepare for Security+ cert, where exam objective 1.4 states: 1.4 Recognize the following attacks and specify the appropriate actions to take to mitigate vulnerability and risk. Daryl ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?p...rge&CID=DEVDEV _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
