IDS mailing list archives
RE: dragon and snort logs
From: "Golomb, Gary" <GGolomb () enterasys com>
Date: Wed, 14 May 2003 11:46:14 -0400
*** Moderator: While this message is not the most vendor-neutral post I have ever made, there is no other way to reply to the previous message. I hope you understand. Please let me know if anything should be changed as the points made by Brian should be responsibly addressed. Thanks!
It is a fairly common occurrence for Enterasys customers to use snort. So common that Enterasys distributes utilities to convert snort signatures into a policy lib file so you can use their HIDS to monitor snort log files.
Brian is absolutely correct. Many people start using Snort since they first learn how to use IDS through courses like SANS and other introductory courses. Additionally, since Snort is free, it is easy for administrators to use it for initial design and implementation testing. We've seen many people do this while testing solutions from vendors. After the initial stages of an IDS network design, many people upgrade to commercial implementations. When they do, we try our best to support any existing infrastructure they may have. If they have already taken the time to write custom signatures for their existing IDS, we will work with them to import those to Dragon, since Dragon is one of the few commercial solutions to have a fully open signature set - whether the initial implementation was Snort or otherwise. Interestingly enough, we're running into Snort less and less. Now we're needing to convert signatures from the other market leaders since they are starting to open up the ability to write custom detection routines. The tool you reference is one of the tools which Dragon customers have developed for the Dragon community. Being on the Dragonuser mailing list, you should know about how people contribute data mining tools, signatures, and other conversion utilities. If you have missed those, they are freely available on our support site.
Ask your Enterasys support person for help if you can't figure out their tools.
In addition to field support engineers all over the world, you can also utilize our global support call centers, or the rest of the Dragon community on the Dragonuser list.