Gathering Intrusion Data
A powerful feature unique to Snort is related to its capability to gather data. Many commercial IDSs require the operator to specify in advance for which rules data should be kept. An intrusion analyst's work is often nebulous; having to predict what malicious hackers are going to throw at your network perimeter is next to impossible. The only solution is to save every payload that corresponds to suspicious traffic. Snort's creators realized this; hence Snort logs all payloads when possible.
Assessing Threats
The data contained in a payload is often a window into the mind of your attacker. To gauge a proper response to either a successful or attempted attack, it is imperative to determine the nature of your attacker. ...
Get Intrusion Detection with Snort now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.