EonsNearby

Snorby help

2 posts in this topic

Okay, I am a complete beginner to Snorby (and network security), so I was just wondering if anyone knows of any good tutorials that could help instruct me on how to appropriately use Snorby. One thing I need help with is sorting the thousands of events it detects. For example, one has a signature ID of 2100366, but when I query the database about it, the website it takes me to does not have any information on it. The description Snorby provides makes it sound harmless, but I want to find out a little more about it before I tell Snorby to just ignore it.

[quote name='EonsNearby' timestamp='1327958478' post='360279']
Okay, I am a complete beginner to Snorby (and network security), so I was just wondering if anyone knows of any good tutorials that could help instruct me on how to appropriately use Snorby. One thing I need help with is sorting the thousands of events it detects. For example, one has a signature ID of 2100366, but when I query the database about it, the website it takes me to does not have any information on it. The description Snorby provides makes it sound harmless, but I want to find out a little more about it before I tell Snorby to just ignore it.
[/quote]

Your best bet is to hit the Snorby forums or IRC channel (irc.freenode.net). Mephux, the author of Snorby, usually hangs out there with various other people who can probably help.
