analysing nids alerts

nataraj_v
Level 1

Dear All,

I have a few NIDS 4235s. I found enough documentation about updating signatures and installing the NIDS, but for analysing alerts we only have the NSDB.

Can anybody guide me on the necessary steps needed to analyse these alerts, and how to decide whether an alert is a false positive, a false negative, or an attack in progress? I'm confused about how to make a decision on an alert. Any help, friends?

Thanks in advance

Nataraj

1 Reply

nhoover
Level 1

Nataraj,

To start learning the techniques of analysis, I would suggest the book "Intrusion Detection" from New Riders Press. This book is written by one of the leading analysts in the field, and a member of the SANS organization. If you're really in a hurry, there are SANS boot camps specializing in Intrusion Analysis which are great, but you should have background knowledge of TCP/IP to be prepared.