Snort mailing list archives
RE: ACID and SnortReport Questions
From: "Ibarra, Michael" <m.ibarra () cdcixis-na com>
Date: Thu, 3 Oct 2002 11:09:39 -0400
Yes, but the email that is sent is pretty much useless to the receiver, it doesn't give any additional data like the email below. What would be a great feature is something that pulls all relevant information, i.e. src ip dst ip and number of alerts with start-end dates. Yes, I know that this is A LOT to ask for, but this is what would set SNORT far ahead of other packages. I do not know how many people on this list actually send reports on a daily basis, I do, and it blows.

-mike

-----Original Message-----
From: Hicks, John [mailto:JHicks () JUSTICE GC CA]
Sent: Thursday, October 03, 2002 10:55 AM
To: 'Ibarra, Michael'; Snort Users (E-mail)
Subject: RE: [Snort-users] ACID and SnortReport Questions

Using ACID it's very easy to fire emails off of individual alerts, a selected list of alerts, or an entire query that is relevant.

cheers,
John

-----Original Message-----
From: Ibarra, Michael [mailto:m.ibarra () cdcixis-na com]
Sent: Thursday, October 03, 2002 10:45 AM
To: 'Snort Users List' (E-mail)
Subject: [Snort-users] ACID and SnortReport Questions

Hello:

I've recently used SHADOW and was very impressed with its ability to create a report based on src ip, dest ip, port, traffic type, etc. This report was especially helpful for delivery to ISPs and such, not that they do much without some legal threats. What I see lacking in both ACID as well as snortreport is this functionality, or have I missed something? Here is a sample of what the Shadow report looks like:

Company-NAME - Network Security Division
Network Detection Report
Phone 212-555-1212

Company-NAME Intrusion Detection Report No.: Company-NAME-IDR20021003.2

1. Report Date: Thu Oct 03, 2002 - 10:40:23
2. Incident Date:
3. Type of Incident: Informational Report
4. Individuals Involved:
   Source:
   Target(s):
   Site: Company-NAME
5. Cost of this Incident: No Downtime.
6. Summary of Incident and Investigation Results:

***** End of Company-NAME Intrusion Detection Report No.: ### *****

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
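The kind of per-source/target summary asked for in this thread (src ip, dst ip, number of alerts, start and end times), sketched as an added example that is not part of the original messages and is not ACID, SnortReport or SHADOW code. It assumes Snort's default alert_fast line layout without a year in the timestamp; the function names and the sample alerts are constructed for illustration.

```python
import re

# Constructed sample lines in alert_fast layout (documentation-range addresses).
SAMPLE = """\
10/03-09:58:01.104233  [**] [1:1000001:1] Constructed sample: port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40112 -> 198.51.100.5:22
10/03-10:02:47.550010  [**] [1:1000001:1] Constructed sample: port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40113 -> 198.51.100.5:23
10/03-10:15:09.000321  [**] [1:1000002:1] Constructed sample: ICMP probe [**] [Priority: 3] {ICMP} 192.0.2.77 -> 198.51.100.5
this line is not an alert and is skipped
10/03-10:40:23.912000  [**] [1:1000001:1] Constructed sample: port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40150 -> 198.51.100.5:80
"""

# Timestamp, signature message, protocol, then source and target (ports optional).
ALERT = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[\d+:\d+:\d+\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+(?:\.\d+){3})(?::\d+)?\s+->\s+(?P<dst>\d+(?:\.\d+){3})(?::\d+)?\s*$"
)

def summarize(lines):
    """Group alerts by (source, target): count, first/last seen, signatures."""
    pairs = {}
    for line in lines:
        m = ALERT.match(line.strip())
        if not m:
            continue  # non-alert or malformed line
        rec = pairs.setdefault((m["src"], m["dst"]), {
            "count": 0, "first": m["ts"], "last": m["ts"], "sigs": set()})
        rec["count"] += 1
        # MM/DD-HH:MM:SS strings sort chronologically within one calendar year.
        rec["first"] = min(rec["first"], m["ts"])
        rec["last"] = max(rec["last"], m["ts"])
        rec["sigs"].add(m["msg"])
    return pairs

def render(pairs):
    """Plain-text table, noisiest source/target pair first."""
    out = [f"{'Source':<16}{'Target':<16}{'Alerts':>6}  "
           f"{'First seen':<16}{'Last seen':<16}Signatures"]
    for (src, dst), r in sorted(pairs.items(), key=lambda kv: -kv[1]["count"]):
        out.append(f"{src:<16}{dst:<16}{r['count']:>6}  {r['first']:<16}"
                   f"{r['last']:<16}{'; '.join(sorted(r['sigs']))}")
    return "\n".join(out)

if __name__ == "__main__":
    print(render(summarize(SAMPLE.splitlines())))
```
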
Current thread:
- ACID and SnortReport Questions Ibarra, Michael (Oct 03)
- <Possible follow-ups>
- RE: ACID and SnortReport Questions Hicks, John (Oct 03)
- RE: ACID and SnortReport Questions Ibarra, Michael (Oct 03)