Difference between revisions of "SOW"

From Makers Local 256
(Populated project page.)
 
m (Snort isn't an acronym apparently...)
Line 1: Line 1:
 
==Overview==
 
==Overview==
A simple voting system integrated into [http://en.wikipedia.org/wiki/Snort_(software) SNORT] signature test environment.  Designed to prevent the rollout of bad signatures into a production environment.  Easiest method to determine the validity of signatures with minimal impact on testers.
+
A simple voting system integrated into [http://en.wikipedia.org/wiki/Snort_(software) Snort] signature test environment.  Designed to prevent the rollout of bad signatures into a production environment.  Easiest method to determine the validity of signatures with minimal impact on testers.
  
 
==Features==
 
==Features==
* Web front-end for evaluating SNORT trips.
+
* Web front-end for evaluating Snort signature trips.
 
** Take your pick as to which one you want to use and mod it, or make your own.
 
** Take your pick as to which one you want to use and mod it, or make your own.
 
* For each signature that trips on the test system the user is presented with a voting system similar to a simple poll in a blog.
 
* For each signature that trips on the test system the user is presented with a voting system similar to a simple poll in a blog.
** User has three options when evaluating a SNORT signature trip:
+
** User has three options when evaluating a signature trip:
 
*** Good: The signature tripped on what it was designed to and the traffic is hostile in nature.
 
*** Good: The signature tripped on what it was designed to and the traffic is hostile in nature.
 
*** Needs work: Either the signature tripped on what it was supposed to but the traffic isn't necessarily hostile, or the traffic is hostile but the signature could use some tightening.
 
*** Needs work: Either the signature tripped on what it was supposed to but the traffic isn't necessarily hostile, or the traffic is hostile but the signature could use some tightening.
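Review bot: In the Features part of this change, the "** User has three options" line drops the product name altogether ("a signature trip"), while the first bullet is changed to "Snort signature trips"; pick one wording for both, for example "a Snort signature trip". The revised Overview line also still reads "integrated into Snort signature test environment", which needs an article ("a Snort signature test environment").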

Revision as of 08:43, 1 March 2007

Overview

A simple voting system integrated into a Snort signature test environment. It is designed to prevent the rollout of bad signatures into a production environment, and to be the easiest method of determining the validity of signatures with minimal impact on testers.

Features

  • Web front-end for evaluating Snort signature trips.
    • Take your pick as to which one you want to use and mod it, or make your own.
  • For each signature that trips on the test system the user is presented with a voting system similar to a simple poll in a blog.
    • User has three options when evaluating a signature trip:
      • Good: The signature tripped on what it was designed to and the traffic is hostile in nature.
      • Needs work: Either the signature tripped on what it was supposed to but the traffic isn't necessarily hostile, or the traffic is hostile but the signature could use some tightening.
      • False: The signature trips on normal/non-hostile traffic (false positives).
    • Will support multiple users.
      • Simple metrics will be kept on user interaction with the system.
        • Shows how often certain users participate in the signature testing.
        • Shows general differences in user analysis of similar signature trips.
    • Reports can be generated at any point to determine the performance of any individual signature or of all signatures as a whole.
      • The same reports can be generated for any individual user or for all users as a whole.
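
An added example, not code from the SOW project: one way the per-signature and per-user reports described above could be computed from recorded votes. The function names, the sample votes and signature ids, and the "differs from the leading vote" measure of user disagreement are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# The three vote options listed on the page (identifier spellings are assumed).
OPTIONS = ("good", "needs_work", "false")

# Constructed sample votes: (user, signature id, vote). The ids are made up.
VOTES = [
    ("alice", 1000001, "good"),
    ("bob",   1000001, "good"),
    ("carol", 1000001, "needs_work"),
    ("alice", 1000002, "false"),
    ("bob",   1000002, "false"),
    ("alice", 1000003, "good"),
    ("carol", 1000003, "false"),
]

def signature_report(votes):
    """Tally the three options per signature; a tie for first is 'split'."""
    tallies = defaultdict(Counter)
    for user, sid, vote in votes:
        if vote not in OPTIONS:
            raise ValueError(f"unknown vote {vote!r}")
        tallies[sid][vote] += 1
    report = {}
    for sid, tally in tallies.items():
        ranked = tally.most_common()
        tied = len(ranked) > 1 and ranked[0][1] == ranked[1][1]
        report[sid] = {
            "tally": {opt: tally[opt] for opt in OPTIONS},
            "leading": "split" if tied else ranked[0][0],
        }
    return report

def user_report(votes):
    """Per-user participation and how often a vote differs from the leading one."""
    sigs = signature_report(votes)
    stats = defaultdict(lambda: {"votes": 0, "differs": 0})
    for user, sid, vote in votes:
        stats[user]["votes"] += 1
        leading = sigs[sid]["leading"]
        if leading != "split" and vote != leading:
            stats[user]["differs"] += 1
    return dict(stats)

if __name__ == "__main__":
    for sid, row in sorted(signature_report(VOTES).items()):
        print(sid, row)
    for user, row in sorted(user_report(VOTES).items()):
        print(user, row)
```

A signature whose leading vote is "split" is the case where testers disagree, so it is reported as such instead of being counted for or against any user.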