Snort mailing list archives
Re: Snortsnarf sux, snort_stat rulez
From: Stuart Staniford <stuart () silicondefense com>
Date: Thu, 23 Aug 2001 16:45:02 -0700
Hi Paul:

I can't find a recent version of Snort_stat.pl on the net to look at. It doesn't seem to be linked from the main Snort web site.

Historically, though, Snort_stat.pl and Snortsnarf were for pretty different purposes. Snort_stat is for producing a statistical summary of alerts to give a big picture of what's going on. Snortsnarf is intended for rapidly looking through medium-sized alert files to determine which things are worth further investigation and which are not. Although it has some value for report generation, that's not its primary purpose - it's really an incident analysis and response tool in the tradition of Shadow.

Snortsnarf is at: http://www.silicondefense.com/software/snortsnarf/index.htm

There's also a research paper we wrote about the design of IDS consoles after what we learnt building Snortsnarf. It's at: http://www.silicondefense.com/pptntext/snortsnarf-discex2.pdf

Best wishes,
Stuart.

"Sheahan, Paul (PCLN-NW)" wrote:
I see so much talk about Snortsnarf.....if you compare the reports it generates to snort_stat, there is no comparison. Why would anyone use Snortsnarf?

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Stuart Staniford --- President --- Silicon Defense
** Silicon Defense: Technical Support for Snort **
mailto:stuart () silicondefense com
http://www.silicondefense.com/
(707) 445-4355 x 16
(707) 445-4222 (FAX)