Correlation Rules in Sourcefire
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-02-2015 02:34 AM - edited 03-12-2019 05:39 AM
I am need to understand how to configure and use correlation rules in sourcefire.
Appreciate if anybody could share Sample correlation rules / Correlation Use Cases and steps to configure the same.
- Labels:
-
NGIPS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-02-2015 05:22 AM
What are you trying to accomplish?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-10-2015 06:41 PM
Not to come across as crass. But I dont know what I dont know regarding correlations. When would you use them, why would you use them and how would you use them. Can you please help?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2015 01:59 PM
Take a look at http://www.labminutes.com/ . Plenty of information and great video tutorials.
http://www.labminutes.com/sec0177_asa_firepower_event_correlation_remediation_1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-10-2015 06:43 PM
Did you ever get an answer to this question. I have the same issue. I dont know how to use them or why I would use them.
