Snort rule be modified to improve performance?
- Refer To The Ex 1 (93.28 KiB) Viewed 63 times
B. Change the rule content match to case sensitive
C. Set the rule to track the source IP
D. Tune the count and seconds threshold of the rule
Refer to the exhibit. IDS is producing an increased amount of false positive events about brute force attempts on the or
-
answerhappygod
- Site Admin
- Posts: 899604
- Joined: Mon Aug 02, 2021 8:13 am
Refer to the exhibit. IDS is producing an increased amount of false positive events about brute force attempts on the or
Refer to the exhibit. IDS is producing an increased amount of false positive events about brute force attempts on the organization's mail server. How should the
Snort rule be modified to improve performance?
A. Block list of internal IPs from the rule
B. Change the rule content match to case sensitive
C. Set the rule to track the source IP
D. Tune the count and seconds threshold of the rule
Snort rule be modified to improve performance?
A. Block list of internal IPs from the rule
B. Change the rule content match to case sensitive
C. Set the rule to track the source IP
D. Tune the count and seconds threshold of the rule
Join a community of subject matter experts. Register for FREE to view solutions, replies, and use search function. Request answer by replying!