Network Instruments GigaStor 114ff User Manual, Page 97

Starting Forensic Analysis using Snort rules
Chapter 6 Forensic Analysis using Snort
97
rev. 1
Figure 69 Rules tab
9 Select the boxes next to the rules you want to enable. The
right-click menu has options to enable/disable all rules, and to show
the actual Snort rule that was imported. It also lets you jump to
web-based threat references such as bugtraq for further information
about the alert.
Rule classifications offer another level of control. Check the
“Rules must also match rule classifications” box to display a list of
defined rule classifications. Classifications are defined at import
time by parsing the Snort config classification statements
encountered in the rule set. Rules are assigned a classification in
the rule statement’s classtype option.
Select the rule classification(s) you want to enable. If classification
matching is enabled, a rule and its classification must both be
enabled for that rule to be processed. For example, suppose you
want to enable all policy violation rules: simply right-click on the
rule list, choose Enable all rules, and then enable the policy
violation classification.