This document is not a guide about how to fine-tune a sensor to nail out false positives and such, it just tries to summarize different approaches you can take after deciding that you in fact want to stop an alert from firing. Also, while Snort supports different kind of thresholding, this document is only about how to shut down specific alerts completely. The content reflects my personal opinions, which may not be valid in your environment, or even correct.

Added on: Jul 18, 2008 | Hits: 1239

This is the home of Chris Reid. Chris is the person responsible for the Win32 code for Snort. The latest updates to Snort can always be found there.

Added on: Jul 18, 2008 | Hits: 994

Emerging Threats is an open source community project. Through the support of our community we are able to produce the fastest moving and most diverse Snort Signature set and firewall rules available.

We exist because of the community. These are your rules!

Added on: Jan 01, 2010 | Hits: 633

SnortALog is a powerfull perl script that summarizes snort logs making it easy to view any attacks against your network.

SnortALog works with all versions of SNORT and is the only script who can analyse snort's logs in all formats (Syslog, Fast and Full alerts). Also, it is able to summarize Fw-1 (NG and 4.1), Netfilter and IPFilter logs in a simmilar way.

Added on: Jul 18, 2008 | Hits: 1085

Symantec DeepSight Analyzer is a free service that gives you the ability to track and manage attacks on your computer. Sending your 'alert.log' to Symantecs DeepSight Analyzer, they will automatically correlate attacks from your Snort based Intrusion Detection Systems log (alert.ids), sending you a comprehensive view of your computer or general network.

Added on: Jul 18, 2008 | Hits: 2065