Re: snort tamandua or prelude ids plus bro?

["Lee Sheng" <momosisco () hotmail com>]

rmkml,

Actually i'm thinking of adding bro too, but the thing is lack of 
documentation on Bro, can you point me out where can i find useful 
whitepaper or guides on deploying Bro cause I got no time to start  
everything from scratch.

Thanks.


Regards,
Lee


> From: rmkml <rmkml () wanadoo fr>
> To: Lee Sheng <momosisco () hotmail com>
> Subject: Re: snort tamandua or prelude ids
> Date: Fri, 6 Aug 2004 16:32:49 +0200 (CEST)
>
> Hi Lee,
>
> add bro in possible choice ?
>
> Regards
>
> Rmkml () Wanadoo fr
>
>
> On Fri, 6 Aug 2004, Lee Sheng wrote:
>
> > Date: Fri, 06 Aug 2004 18:37:16 +0800
> > From: Lee Sheng <momosisco () hotmail com>
> > To: focus-ids () securityfocus com
> > Subject: snort tamandua or prelude ids
> >
> > All,
> >
> > Thanks to all of you who have answered my question, it's so nice to get so 
> > many suggestions nad helps from the community.
> >
> > My another question is no doubt the snort is one of the best ids compare 
> > to other ids. However I really interested in the tamandua ids which 
> > implementing the boolean layer to detect the patent of the attack(less 
> > alse postive). Anyone have experiences in deploying tamandua ids and I 
> > would like to know whether tamandua ids is still active or the development 
> > of tamandua ids is already dead. If you have experience on deploying, 
> > hopefully you guys can share expericience with me. Then about the prelude 
> > IDS, prelude ids seems very complicated and I still not sure where to 
> > start. Anyone have any ideas cause now I still in the way of thinking 
> > which ids to deploy for the company. Snort, tamandua or prelude?
> > Prelude seems more in depth on tracking what attacker try to do with HIDS 
> > as well. I've one and half years experience in snort (not in transparent 
> > mode of course). If I want to save my time, sure I will choose snort, 
> > however I would like to hear from you all. Thanks again.
> >
> >
> > Regards,
> > Lee
> >
> > _________________________________________________________________
> > Download ringtones, logos and picture messages from MSN Malaysia 
> > http://www.msn.com.my/mobile/ringtones/default.asp
> >
> >
> > --------------------------------------------------------------------------
> > Test Your IDS
> >
> > Is your IDS deployed correctly?
> > Find out quickly and easily by testing it with real-world attacks from 
> > CORE
> > IMPACT.
> > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
> > to learn more.
> > --------------------------------------------------------------------------

_________________________________________________________________
Are you in love? Find a date on MSN Personals http://match.msn.com.my/


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------