Reading Snort 1.7 source
Snort 1.7 is in beta. Reading the source has clarified several things about how the engine actually processes packets, and revealed a few design decisions that I think are going to influence future IDS work.