Snort Frequently Asked Questions Podcast Posted

About a month ago I recorded a podcast for SearchSecurityChannel.com. It's a series of frequently asked questions. SSC is for the "channel," which means "vendors," but everything in the podcast applies to Snort operators. You should be able to reach the podcast via this link. Note that when I recorded the podcast we didn't know that Emerging Threats would replacing Bleeding Threats.

Comments

test said…
Richard,

I really enjoyed this podcast and found it very informative. However, there was one minor point that I find perplexing.

Your definition of Snort-offline as the opposite of Snort-inline is what I am referring to. When I think of Snort-offline, I think about using Snort to read an LPC trace file, not using Snort in main IDS mode.

My thought is that Snort-out-of-line is more appropriate based on the fact that "out" is the opposite of "in". As I said in my post, I will keep an open mind about this terminology, but I just found it curious and it does not feel right to me.
Anonymous said…
More appropriately, to be in line with the terminology of the vendors, sys admins, and engineers, “out of band”.
Jim said…
This information is useful. Thanks for sharing. Been working with snort for a while and trying to always learn more.

Popular posts from this blog

Zeek in Action Videos

MITRE ATT&CK Tactics Are Not Tactics

New Book! The Best of TaoSecurity Blog, Volume 4