[Oisf-users] Question
Matt Jonkman
jonkman at jonkmans.com
Mon Apr 1 17:31:44 UTC 2013
Are you sure the box is seeing all traffic? Is it inline, or on a tap, etc?
Matt
On Sat, Mar 30, 2013 at 11:14 AM, Leonard Jacobs <ljacobs at netsecuris.com> wrote:
> The only event I am getting is ET POLICY Unusual number of DNS No Such
> Name Responses.
>
> From: mjonkman at emergingthreatspro.com [mailto:mjonkman at emergingthreatspro.com] On Behalf Of Matt Jonkman
> Sent: Saturday, March 30, 2013 8:40 AM
> To: Leonard Jacobs
> Cc: oisf-users at openinfosecfoundation.org; Eric Leblond
> Subject: Re: [Oisf-users] Question
>
> Definitely should have. What rules are you running? Just the ET Open?
>
> Have your vars set right?
>
> Are you seeing other events?
>
> Matt
>
> On Fri, Mar 29, 2013 at 5:04 PM, Leonard Jacobs <ljacobs at netsecuris.com> wrote:
>
> Why would Suricata events not be triggered when running a vulnerability
> scanner? I ran OpenVAS against a couple of public IP addresses on our
> network and not a single event was triggered. I would have thought that at
> least emerging-scan.rules would trigger.
>
> Thanks.
>
> Leonard Jacobs
> President/CEO
> Netsecuris Inc.
> 9301 Bryant Avenue S
> Suite 104
> Minneapolis, MN 55420
> (952) 641-1421 ext. 20
> http://www.netsecuris.com
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
>
> --
> ----------------------------------------------------
> Matt Jonkman
> Emerging Threats Pro
> Open Information Security Foundation (OISF)
> Phone 866-504-2523 x110
> http://www.emergingthreatspro.com
> http://www.openinfosecfoundation.org
> ----------------------------------------------------
--
----------------------------------------------------
Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------