Difference between revisions of "SOW"
From Makers Local 256
(Populated project page.) |
m (Snort isn't an acronym apparently...) |
||
Line 1: | Line 1: | ||
==Overview== | ==Overview== | ||
− | A simple voting system integrated into [http://en.wikipedia.org/wiki/Snort_(software) | + | A simple voting system integrated into [http://en.wikipedia.org/wiki/Snort_(software) Snort] signature test environment. Designed to prevent the rollout of bad signatures into a production environment. Easiest method to determine the validity of signatures with minimal impact on testers. |
==Features== | ==Features== | ||
− | * Web front-end for evaluating | + | * Web front-end for evaluating Snort signature trips. |
** Take your pick as to which one you want to use and mod it, or make your own. | ** Take your pick as to which one you want to use and mod it, or make your own. | ||
* For each signature that trips on the test system the user is presented with a voting system similar to a simple poll in a blog. | * For each signature that trips on the test system the user is presented with a voting system similar to a simple poll in a blog. | ||
− | ** User has three options when evaluating a | + | ** User has three options when evaluating a signature trip: |
*** Good: The signature tripped on what it was designed to and the traffic is hostile in nature. | *** Good: The signature tripped on what it was designed to and the traffic is hostile in nature. | ||
*** Needs work: Either the signature tripped on what it was supposed to but the traffic isn't necessarily hostile, or the traffic is hostile but the signature could use some tightening. | *** Needs work: Either the signature tripped on what it was supposed to but the traffic isn't necessarily hostile, or the traffic is hostile but the signature could use some tightening. |
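Review bot: in the Overview "+" line, "integrated into Snort signature test environment" is missing an article, and the two sentences that follow ("Designed to ...", "Easiest method ...") have no subject. Since this revision already edits that line, suggest rewording it in the same change, for example "integrated into a Snort signature test environment. It is designed to ...".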
Revision as of 08:43, 1 March 2007
Overview
A simple voting system integrated into a Snort signature test environment. It is designed to prevent the rollout of bad signatures into a production environment and to be the easiest method of determining the validity of signatures with minimal impact on testers.
Features
- Web front-end for evaluating Snort signature trips.
  - Take your pick as to which one you want to use and mod it, or make your own.
- For each signature that trips on the test system the user is presented with a voting system similar to a simple poll in a blog.
  - User has three options when evaluating a signature trip:
    - Good: The signature tripped on what it was designed to and the traffic is hostile in nature.
    - Needs work: Either the signature tripped on what it was supposed to but the traffic isn't necessarily hostile, or the traffic is hostile but the signature could use some tightening.
    - False: The signature trips on normal/non-hostile traffic (false positives).
- Will support multiple users.
- Simple metrics will be kept on user interaction with the system.
  - Shows how often certain users participate in the signature testing.
  - Shows general differences in user analysis of similar signature trips.
- Reports can be generated at any point to determine the performance of any individual signature or as a whole.
  - or any individual user or as a whole for that matter.
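An added example, not code from the SOW project: the vote tally, per-user participation metric, and disagreement report described in the feature list, written in Python. The vote record layout, the signature and trip IDs, and the rollout thresholds are assumptions made for illustration.

```python
from collections import Counter, defaultdict

VERDICTS = ("good", "needs_work", "false")  # the three options on the page

# Constructed sample votes: (user, signature id, trip id, verdict).
VOTES = [
    ("alice", 1000001, "t1", "good"),
    ("bob",   1000001, "t1", "good"),
    ("alice", 1000001, "t2", "needs_work"),
    ("bob",   1000002, "t3", "false"),
    ("carol", 1000002, "t3", "false"),
    ("alice", 1000002, "t3", "needs_work"),
    ("carol", 1000002, "t4", "false"),
]

def signature_report(votes):
    """Per-signature vote counts plus a rollout recommendation."""
    counts = defaultdict(Counter)
    for _user, sid, _trip, verdict in votes:
        if verdict not in VERDICTS:
            raise ValueError(f"unknown verdict: {verdict!r}")
        counts[sid][verdict] += 1
    report = {}
    for sid, c in counts.items():
        total = sum(c.values())
        # Assumed policy (not from the page): roll out only with zero
        # "false" votes and at least two thirds "good"; reject when a
        # majority voted "false"; everything else goes back for rework.
        if c["false"] == 0 and c["good"] * 3 >= total * 2:
            decision = "rollout"
        elif c["false"] * 2 > total:
            decision = "reject"
        else:
            decision = "rework"
        report[sid] = {**{v: c[v] for v in VERDICTS}, "decision": decision}
    return report

def user_participation(votes):
    """How many signature trips each user has evaluated."""
    return dict(Counter(user for user, *_ in votes))

def disputed_trips(votes):
    """Trips where users gave different verdicts, with each user's vote."""
    by_trip = defaultdict(dict)
    for user, sid, trip, verdict in votes:
        by_trip[(sid, trip)][user] = verdict
    return {k: v for k, v in by_trip.items() if len(set(v.values())) > 1}
```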