Snort mailing list archives

Re: ACID vs demarc


From: "Ali Zaree" <a_zaree () graffiti net>
Date: Sat, 08 Dec 2001 05:31:05 +0800


I have set up snort 1.8.2 & mysql for IDS but I haven't decided on a
reporting tool. What are the major differences between ACID and demarc?
Any online comparisons?


I have used both and have settled on Demarc for many reasons.  Most important (for me) was the fact that ACID is not real-time anymore, to quote their FAQ:
"alerts are no longer processed in real-time from the same tables as they were logged by Snort or other security devices"
For my company this "feature" was a big turn off, and the reason we initially checked out Demarc.

While exploring Demarc, we realized that it does a lot more than just a Snort frontend too.  We were able to get rid of Big Brother and Tripwire from our network because Demarc has both of these services built-in.

Granted, my experience with ACID was limited, so I'll list some of the best features of Demarc that I don't think ACID has, but please double check them:

-Multi level authentication for different types of users accessing the Demarc frontend.
-As previously stated, the ability to do file integrity checks and host monitoring from the same program as well as the Snort frontend features.
-Real-time reporting/analysis of all network events
-Ability to configure rules for all different Snort sensors through the Demarc web interface (so you don't have to log on to each server to manually update the rulesets and restart snort)
-Demarc has a "MiniView" page that takes up a nominal part of your screen and gives you an overview of what's going on on your network and refreshes every couple minutes (great to have open in a corner of your X windows screen set to "omnipresent & always on top")
-A SWEET interface... that's what sold my manager on it! (screenshots at: http://demarc.com/screenshots/)  Which brings me to the only bad part about Demarc - it's not GPL, but it's still free for personal use and small companies.  We didn't qualify for the free license (I think the limit is about 20 people in the company), so we had to buy it.


Ali

