Snort Threat Prevention Components


Executive Summary

Snort's threat detection and prevention components work together to reassemble traffic, prevent evasions, detect threats, and output information about these threats without creating false positives or missing legitimate threats. The threat prevention process consists of multiple components that reassemble traffic as a target host would see it, identify the areas of that traffic that may contain threats, and match Snort rules against those areas to recognize attacks. Together, these components efficiently detect threats and reduce or eliminate false alarms.

  • Format: PDF
  • Size: 165.3 KB