SOW

From Makers Local 256
Revision as of 08:46, 1 March 2007 by Strages (Talk | contribs)

Jump to: navigation, search

(Signatures Observed Working)

Overview

A simple voting system integrated into Snort signature test environment. Designed to prevent the rollout of bad signatures into a production environment. Easiest method to determine the validity of signatures with minimal impact on testers.

Features

  • Web front-end for evaluating Snort signature trips.
    • Take your pick as to which one you want to use and mod it, or make your own.
  • For each signature that trips on the test system the user is presented with a voting system similar to a simple poll in a blog.
    • User has three options when evaluating a signature trip:
      • Good: The signature tripped on what it was designed to and the traffic is hostile in nature.
      • Needs work: Either the signature tripped on what it was supposed to but the traffic isn't necessarily hostile, or the traffic is hostile but the signature could use some tightening.
      • False: The signature trips on normal/non-hostile traffic(false positives).
    • Will support multiple users.
      • Simple metrics will be kept on user interaction with the system.
        • Shows how often certain users participate in the signature testing.
        • Shows general differences in user analysis of similar signature trips.
    • Reports can be generated at any point to determine the performance of any individual signature or as a whole.
      • or any individual user or as a whole for that matter.