[Dshield] IDS Analysts
Albert Gonzalez
albertg at cerveau.us
Sat Feb 2 20:35:17 GMT 2008
I took the class w/ Mike Poor. Great class but a lot to absorb in six days. I've been in analysis land for quite sometime and still learned. That's the beauty of this field you can kearn smthng new everyday.
I recommend it to everyone and is mandatory for my analysts to attend. The technical material is good but the biggest bebefit is how he teaches which put you in analysis mindset.
- Albert G.
-- Sent from my HTC6800
http://blog.cerveau.us
-----Original Message-----
From: Johannes Ullrich <jullrich at sans.org>
Sent: Saturday, February 02, 2008 9:47 AM
To: General DShield Discussion List <list at lists.dshield.org>
Subject: Re: [Dshield] IDS Analysts
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
>
> There is no value in having an Analyst that can just read alert
> messages.
Which is some way is addressed by sending your analysts to the
"Intrusion Detection in Depth" class :-).
Teaching it this week in San jose (starting in an hour or so). Not to
make this a commercial for the course, but what you are saying is the
exact premise of the course. Its less about how to turn a knob on some
IDS, but about understanding TCP/IP.
For more details see:
http://www.sans.org/training/description.php?tid=510
- ---------
SANS 2008 - Orlando, FL; 41 courses, April 18-25
http://www.sans.org/info/19686
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
iD8DBQFHpJChPNuXYcm/v/0RAwFXAJ0WhT1G6biGvLlk2O0fuiCFwCGRYACeIJUP
IBXdpcRmErAW11W2f079JUw=
=qKe1
-----END PGP SIGNATURE-----
_________________________________________
SANS Security 2008 in New Orleans!! January 11-19 2008. Why freeze up north if you can be in New Orleans. http://www.sans.org/info/15826
More information about the list
mailing list