02233

Netværkssikkerhed
Network Security
home

Question 5

How can you reduce log information in case of Nessus scan against a Snort installation?

First of all, are we here talking of a hostile or a friendly scan?
In the case of a friendly scan this is a know (periodic) activity, and you can thus simply drop logging any activity from the scanning Nessus server.
In the general case, there're "Event Tresholding" and "Event Suppression" in accordance with section 2.2 and 2.3 in [i43]


home