Snort mailing list archives
RE: Checkpoint FW1 Alerts to acid/Snort?
From: Fraser Hugh <hugh_fraser () dofasco ca>
Date: Wed, 9 Jan 2002 12:21:13 -0500
If the alerts can be forwarded elsewhere using syslog, snmptraps, etc., they can be captured and inserted into the Snort database. The schema's well documented, and I've done just that with the alerts from a commercial IDS package (NFR) using snmptraps on a private LAN. The technique works for other sources of information as well... I collect alerts from arpwatch and ipchains to add to the Snort database. Each source has a unique sid, and ACID happily processes the alerts as if they came from Snort.
-----Original Message-----
From: Marc Dreher [mailto:MarcDreher () gmx net]
Sent: Wednesday, January 09, 2002 7:28 AM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] Checkpoint FW1 Alerts to acid/Snort?

Hi,

This question is not 100% snort related but I hope somebody may be able to give some hints. We are using snort sensors for intrusion detection with acid as analysis console. Besides that we use Checkpoint's Firewall-1 as, who'd expect, firewalls. As we can not place a snort sensor next to every firewall, the question now is if there is a possibility/tool to parse the dropped-packet alerts generated by the firewalls somehow into the database to enable analysis with acid alongside the snort alerts.

Can anybody help here?

Thanks a lot
Marc

--
GMX - The communication platform on the Internet. http://www.gmx.net

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
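The approach Fraser describes (collect firewall drop messages from syslog, give the source its own sid, and write rows in the Snort schema so ACID treats them like sensor alerts) in working form. This is an added example, not code from either poster; it assumes a cut-down subset of the Snort database schema built in SQLite (real deployments use the full MySQL or PostgreSQL schema shipped with Snort), and the ipchains "Packet log:" line layout and the sample lines are constructed rather than taken from the thread.

```python
"""Feed ipchains DENY syslog lines into a Snort-schema database for ACID.

Added example, not code from the thread's authors. Assumptions: a cut-down
subset of the Snort database schema (sensor, signature, event, iphdr and the
per-protocol header tables); the ipchains "Packet log:" line layout is
reconstructed from the classic format and every sample line is constructed.
"""
import re
import sqlite3
from datetime import datetime
from ipaddress import IPv4Address

# Constructed sample syslog lines; addresses are from documentation ranges.
SAMPLE_LINES = [
    "Jan  9 12:21:13 fw1 kernel: Packet log: input DENY eth0 PROTO=6 "
    "203.0.113.7:4321 192.0.2.10:23 L=60 S=0x00 I=54321 F=0x4000 T=50 SYN (#12)",
    "Jan  9 12:21:14 fw1 kernel: Packet log: input DENY eth0 PROTO=17 "
    "203.0.113.7:1031 192.0.2.10:161 L=78 S=0x00 I=54322 F=0x0000 T=50 (#14)",
    "Jan  9 12:21:15 fw1 kernel: Packet log: input DENY eth0 PROTO=1 "
    "203.0.113.9:8 192.0.2.10:0 L=84 S=0x00 I=1 F=0x0000 T=64 (#15)",
    "Jan  9 12:21:16 fw1 kernel: eth0: link up",   # unrelated kernel line, must be skipped
]

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=0x(?P<tos>[0-9a-fA-F]+) I=(?P<id>\d+) F=0x(?P<frag>[0-9a-fA-F]+) "
    r"T=(?P<ttl>\d+)(?P<flags>(?: [A-Z]+)*) \(#(?P<rule>\d+)\)$"
)
TCP_FLAG_BITS = {"FIN": 1, "SYN": 2, "RST": 4, "PSH": 8, "ACK": 16, "URG": 32}

# Minimal subset of the Snort schema: enough for ACID-style (sid, cid) keyed events.
SCHEMA = """
CREATE TABLE sensor (sid INTEGER PRIMARY KEY, hostname TEXT, interface TEXT,
                     detail INTEGER, encoding INTEGER, last_cid INTEGER);
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT UNIQUE, sig_priority INTEGER);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT, PRIMARY KEY (sid, cid));
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER, ip_ver INTEGER,
                    ip_tos INTEGER, ip_len INTEGER, ip_id INTEGER, ip_flags INTEGER, ip_off INTEGER,
                    ip_ttl INTEGER, ip_proto INTEGER, PRIMARY KEY (sid, cid));
CREATE TABLE tcphdr (sid INTEGER, cid INTEGER, tcp_sport INTEGER, tcp_dport INTEGER, tcp_flags INTEGER, PRIMARY KEY (sid, cid));
CREATE TABLE udphdr (sid INTEGER, cid INTEGER, udp_sport INTEGER, udp_dport INTEGER, PRIMARY KEY (sid, cid));
CREATE TABLE icmphdr (sid INTEGER, cid INTEGER, icmp_type INTEGER, icmp_code INTEGER, PRIMARY KEY (sid, cid));
"""


def parse_line(line, year=2002):
    """Return header fields for a 'Packet log' line, or None for any other line (syslog has no year)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    frag = int(m["frag"], 16)          # 16-bit IP flags+fragment-offset field as logged by ipchains
    tcp_flags = sum(TCP_FLAG_BITS.get(f, 0) for f in m["flags"].split())
    return {
        "timestamp": ts.strftime("%Y-%m-%d %H:%M:%S"), "host": m["host"],
        "chain": m["chain"], "target": m["target"], "iface": m["iface"],
        "proto": int(m["proto"]), "src": m["src"], "dst": m["dst"],
        "sport": int(m["sport"]), "dport": int(m["dport"]),
        "len": int(m["len"]), "tos": int(m["tos"], 16), "id": int(m["id"]),
        "flags": frag >> 13, "off": frag & 0x1FFF, "ttl": int(m["ttl"]),
        "tcp_flags": tcp_flags, "rule": int(m["rule"]),
    }


def ensure_sensor(conn, hostname, interface):
    """One sensor row, hence one unique sid, per firewall host as the reply recommends."""
    row = conn.execute("SELECT sid FROM sensor WHERE hostname=? AND interface=?",
                       (hostname, interface)).fetchone()
    if row:
        return row[0]
    return conn.execute("INSERT INTO sensor (hostname, interface, detail, encoding, last_cid) "
                        "VALUES (?, ?, 1, 0, 0)", (hostname, interface)).lastrowid


def ensure_signature(conn, name):
    row = conn.execute("SELECT sig_id FROM signature WHERE sig_name=?", (name,)).fetchone()
    if row:
        return row[0]
    return conn.execute("INSERT INTO signature (sig_name, sig_priority) VALUES (?, 2)", (name,)).lastrowid


def insert_alert(conn, rec):
    """Write one event plus its IP and transport header rows; cid is allocated per sensor."""
    sid = ensure_sensor(conn, rec["host"], rec["iface"])
    cid = conn.execute("SELECT last_cid FROM sensor WHERE sid=?", (sid,)).fetchone()[0] + 1
    conn.execute("UPDATE sensor SET last_cid=? WHERE sid=?", (cid, sid))
    sig = ensure_signature(conn, f"ipchains {rec['chain']} {rec['target']} rule #{rec['rule']}")
    conn.execute("INSERT INTO event VALUES (?, ?, ?, ?)", (sid, cid, sig, rec["timestamp"]))
    conn.execute("INSERT INTO iphdr VALUES (?,?,?,?,4,?,?,?,?,?,?,?)",
                 (sid, cid, int(IPv4Address(rec["src"])), int(IPv4Address(rec["dst"])),
                  rec["tos"], rec["len"], rec["id"], rec["flags"], rec["off"], rec["ttl"], rec["proto"]))
    if rec["proto"] == 6:
        conn.execute("INSERT INTO tcphdr VALUES (?,?,?,?,?)", (sid, cid, rec["sport"], rec["dport"], rec["tcp_flags"]))
    elif rec["proto"] == 17:
        conn.execute("INSERT INTO udphdr VALUES (?,?,?,?)", (sid, cid, rec["sport"], rec["dport"]))
    elif rec["proto"] == 1:
        # Assumption: for ICMP, ipchains logs the type in the source "port" slot and the code in the destination slot.
        conn.execute("INSERT INTO icmphdr VALUES (?,?,?,?)", (sid, cid, rec["sport"], rec["dport"]))
    return sid, cid


def ingest(conn, lines, year=2002):
    """Parse and store every matching line; returns the number of alerts inserted."""
    count = 0
    for line in lines:
        rec = parse_line(line, year)
        if rec is not None:
            insert_alert(conn, rec)
            count += 1
    conn.commit()
    return count


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def alerts_by_signature(conn):
    """The grouping ACID shows on its front page: signature name and hit count."""
    return conn.execute("SELECT s.sig_name, COUNT(*) FROM event e JOIN signature s ON s.sig_id=e.signature "
                        "GROUP BY s.sig_name ORDER BY s.sig_name").fetchall()


if __name__ == "__main__":
    db = open_db()
    print(ingest(db, SAMPLE_LINES), "alerts inserted")
    for name, n in alerts_by_signature(db):
        print(f"{n:4d}  {name}")
```

The same shape carries over to Checkpoint or NFR feeds: swap the regex (or an SNMP trap receiver) for the source's own format, keep one sensor row per device so each gets its own sid, and let the per-rule signature name do the grouping in ACID. Note that syslog lines carry no year, so the caller must supply it, and any line that does not match is dropped rather than stored half-parsed.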
Current thread:
- Checkpoint FW1 Alerts to acid/Snort? Marc Dreher (Jan 09)
- RE: Checkpoint FW1 Alerts to acid/Snort? Ofir Arkin (Jan 09)
- <Possible follow-ups>
- RE: Checkpoint FW1 Alerts to acid/Snort? Fraser Hugh (Jan 09)