IDFAQ: How can I contribute a question to the FAQ?

This is the SANS Intrusion Detection and Response FAQ Author's Guide. The FAQ's founding contributors are:

  • Fred Kerby - Naval Surface Warfare Center Dahlgren Division
  • Steven Moore - Mitre
  • Tim Aldrich - NEXTLINK
  • Editor: Stephen Northcutt
  • Copyeditor: Sandy J. Burd - Internet Security Advisor

Please let me share our vision for this project. I hope that together we can create a useful document to help people learn more about intrusion detection. When a user clicks on an entry in the question list, the answer will be an accurate, clearly written, up-to-date essay, or white paper-style document. To do this, we're asking folks to adopt questions, write high quality answers, and keep them up-to-date.

To participate, please decide on a new question. Next, write a good answer complete with references, diagrams, or examples as appropriate. In general, your answer should be three to five paragraphs long with an introduction, body section, and conclusion. Please send one answer per mail message! The address to send answers to is: with "intrusion" as the subject line. SANS will forward the answer to me. Please send the file as either ASCII text or as a Microsoft Word document. If you want to be credited for your work, put your name and organization at the bottom of the file.

Note, if you pick a pre-existing question, I'll attempt to merge the two pieces, but it's my call as to how I do that. If you don't keep your question up-to-date, or if your answers don't match the overall quality of the FAQ, I may have to substitute another author's answers. I'll try to avoid doing this, and you can help by continuing to update your questions.

We'll review your answer for accuracy, and if we're not sure of the material, I'll send it to the FAQ review board, which consists of the FAQ founders and anyone else I can coerce :) to get their read on the answer. Thank you again for volunteering. I can't wait to see your answer(s)!

Stephen Northcutt
SANS Institute
Director of Research for Intrusion Detection and Response