Now that your Snort3 has been installed and you have confirmed all your tests are working as expected, and you then fed the pig, your next step is to configure Snort3 for your specific environment. This philosophy should also be the same for any security tool you are using. Let’s customize Snort3 for our environment. […]

Now that we have installed and configured Snort3, as well as learned a little about it, let’s now looking at feeding the pig … giving it rules … and then testing those rules before we perform our housekeeping. Let’s create the directories for us to store our rules and block lists securitynik@snort3:~$ sudo mkdir /usr/local/etc/rules […]

In the previous post, we performed the install of Snort3. In this post, we learn a little about Snort3 before we start feeding it via rules and then perform some housekeeping. Getting help! securitynik@snort3:~$ snort --help Snort has several options to get more help: -? list command line options (same as --help) --help this overview […]

Now that Cisco has released Snort3 via general availability, I decided to do a quick 4 part series on its installation, learning a little about Snort3, feeding the pig and Snort3 housekeeping. Back in 2014, I did a post on “Building snort 3.0 (snort++)“. With 6 years elapsing, I wanted to see what has changed with […]

Had a little issue today, where the team could not connect to an IBM QRadar appliance via SSH or HTTPS. This is somewhat strange as we expect these services to be available for us to be able to do our job. I Assigned the task to an Analyst to take a quick look. here is […]