About The Forensic Analysis Log Tab - Network Instruments GigaStor 114ff User Manual

Enterprise-strength network probe appliance

About the Forensic Analysis Log tab

rev. 1
results, you may want to adjust preprocessor settings to
eliminate these conditions. Intruders often attempt to exceed
the limitations of forensic analysis to hide malicious content.
The right-click menu lets you examine the rule that triggered the alert
(if applicable). It also lets you jump to web-based threat references
such as bugtraq for further information about the alert. These
references must be coded into the Snort rule to be available from the
right-click menu.
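An added example, not part of the manual or the GigaStor software: a small audit that reads Snort rule text, extracts each rule's `reference` options along with its `sid`, `priority` and `classtype`, and lists the rules that carry no reference and so would offer no threat links from an alert. The function names and the sample rules are constructed for illustration.

```python
import re

# Constructed sample rules (not from the manual); SIDs use the local-rule
# range and the Bugtraq ID is a placeholder.
SAMPLE_RULES = [
    'alert tcp any any -> $HOME_NET 80 (msg:"WEB test\\; probe"; content:"/a;b"; '
    'classtype:web-application-attack; priority:2; reference:bugtraq,0000; '
    'reference:url,example.com/advisory; sid:1000001; rev:1;)',
    'alert udp any any -> $HOME_NET 53 (msg:"DNS test"; classtype:misc-activity; '
    'sid:1000002; rev:1;)',
]

def split_options(body):
    """Split the option body on ';', skipping quoted or backslash-escaped ones."""
    opts, cur, in_quote, i = [], [], False, 0
    while i < len(body):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):   # keep escape pairs such as \; intact
            cur.append(body[i:i + 2])
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            opts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    return [o for o in opts if o]

def parse_rule(rule):
    """Return sid, priority, classtype and (system, id) reference pairs."""
    m = re.match(r"^[^(]*\((.*)\)\s*$", rule, re.S)
    if not m:
        raise ValueError("no option block found in rule")
    info = {"sid": None, "priority": None, "classtype": None, "references": []}
    for opt in split_options(m.group(1)):
        key, _, val = (part.strip() for part in opt.partition(":"))
        if key == "reference":
            system, _, ref_id = val.partition(",")
            info["references"].append((system.strip(), ref_id.strip()))
        elif key in ("sid", "priority"):
            info[key] = int(val)
        elif key == "classtype":
            info[key] = val
    return info

def rules_without_references(rules):
    """SIDs of rules whose alerts would have no reference links."""
    return [r["sid"] for r in map(parse_rule, rules) if not r["references"]]
```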
The Forensic Analysis Log comprehensively lists all rule alerts and
preprocessor events in a table, letting you sort individual occurrences
by priority, classification, rule ID, or any other column heading. Just
click on the column heading to sort the alerts by the given criteria.
Figure 71 Forensic Analysis Log tab
Starting Forensic Analysis using Snort rules
Chapter 6 Forensic Analysis using Snort

This manual is also suitable for:

Gigastor portable, Gigastor expandable