Difference between revisions of "Snort"

From wiki-ben
 
Line 11: Line 11:
  
 
==Sources==
 
==Sources==
https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/090/original/Snort_2.9.8.x_on_Ubuntu_12-14-15.pdf
+
https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/090/original/Snort_2.9.8.x_on_Ubuntu_12-14-15.pdf<br>
 
https://rules.emergingthreats.net/open/snort-2.9.0/rules/
 
https://rules.emergingthreats.net/open/snort-2.9.0/rules/
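
Review bot: the `<br>` appended to the first URL under ==Sources== is raw HTML used only to force a line break between the two links. A wiki bullet list (`* ` in front of each URL) would separate them without inline HTML and would stay consistent if further sources are added later.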

Latest revision as of 20:30, 4 January 2017

Snort is an intrusion detection system (IDS) that analyzes incoming traffic in real time. It can be configured to monitor either a network or a single system. An ideal configuration follows this tutorial: https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/090/original/Snort_2.9.8.x_on_Ubuntu_12-14-15.pdf

The tutorial also covers how to set up Barnyard and other components.

The community rules do not cover all aspects of intrusion detection, so using the Emerging Threats rulesets alongside them is also recommended. These can be found here:

https://rules.emergingthreats.net/open/snort-2.9.0/rules/

Notes

Sources

https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/090/original/Snort_2.9.8.x_on_Ubuntu_12-14-15.pdf
https://rules.emergingthreats.net/open/snort-2.9.0/rules/