Snort mailing list archives
RE: Integrate Snort with Remedy, Anyone Please???
From: "Noble, Kevin" <Kevin.Noble () icn siemens com>
Date: Thu, 12 Feb 2004 11:11:02 -0800
Also consider SEC (Simple Event Correlator)
http://sourceforge.net/projects/simple-evcorr/

Using something like this gives the GAP or buffer you need.

-Kevin

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Owen McCusker
Sent: Thursday, February 12, 2004 12:35 PM
To: snort-users () lists sourceforge net
Cc: Snortty
Subject: Re: [Snort-users] Integrate Snort with Remedy, Anyone Please???

I would put some type of "air-gap" somewhere in the overall security operations of your ticket system. During DOS exploits you may be generating lots of ticks, auto-ticket generator.

Maybe use ACID alert capabilities, and wrap the creation of an alert group with the creation of a ticket in your Trouble Ticket System.

Owen

All,

My snort IDS on Solaris 8 has been running more stable, and in better control now. I'm thinking of integrating Snort alerts with Trouble Ticket Systems - specifically Remedy, in order to be monitored together with other type of tickets, and be tracked the progress of resolving issues detected by Snort.

Has anyone done the similar things, or know better to offer any suggestions/comments/places to look further PLEASE? I will share my results if I can make progress on this one.

Thank you in advance!

Snortlover.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
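
The buffering idea discussed in this thread (fold related alerts into one alert group and open one ticket per group, with a cap so a flood cannot fill the ticket queue), as an added example that is not from any poster, from SEC or from ACID. The grouping key, the window, the cap and the sample alert lines are all assumptions constructed for illustration, and no Remedy interface is modelled.

```python
import re
from datetime import datetime

ALERT_RE = re.compile(   # one line of Snort "fast" alert output
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?")

# Constructed sample alerts (documentation addresses, made-up SIDs).
SAMPLE = """\
02/12-11:00:00.000000  [**] [1:1000001:1] Constructed flood alert [**] [Priority: 2] {TCP} 192.0.2.10:40000 -> 198.51.100.5:80
02/12-11:00:01.000000  [**] [1:1000001:1] Constructed flood alert [**] [Priority: 2] {TCP} 192.0.2.11:40001 -> 198.51.100.5:80
02/12-11:00:02.500000  [**] [1:1000001:1] Constructed flood alert [**] [Priority: 2] {TCP} 192.0.2.10:40002 -> 198.51.100.5:80
02/12-11:01:00.000000  [**] [1:1000002:1] Constructed scan alert [**] [Priority: 3] {TCP} 192.0.2.20:5000 -> 198.51.100.6:22
02/12-11:10:00.000000  [**] [1:1000001:1] Constructed flood alert [**] [Priority: 2] {TCP} 192.0.2.10:40003 -> 198.51.100.5:80
""".splitlines()

def parse_alert(line, year=2004):
    """Return a dict for one alert line, or None if the line is not an alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    alert = m.groupdict()
    # Fast alerts carry no year; the caller supplies one (assumed here).
    alert["ts"] = datetime.strptime(f"{year}/{alert['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return alert

def group_alerts(lines, window_s=300, max_tickets=2):
    """Fold alerts into (sid, dst) groups; one ticket per group, capped per batch."""
    open_groups, tickets, held_back = {}, [], 0
    for alert in filter(None, map(parse_alert, lines)):
        key = (alert["sid"], alert["dst"])
        group = open_groups.get(key)
        if group and (alert["ts"] - group["first_seen"]).total_seconds() <= window_s:
            group["count"] += 1          # same incident: update, no new ticket
            group["sources"].add(alert["src"])
            continue
        group = {"sid": alert["sid"], "dst": alert["dst"], "msg": alert["msg"],
                 "first_seen": alert["ts"], "count": 1, "sources": {alert["src"]}}
        open_groups[key] = group
        if len(tickets) < max_tickets:
            tickets.append(group)        # would be handed to the ticket system
        else:
            held_back += 1               # over the cap: leave for manual review
    return tickets, held_back

if __name__ == "__main__":
    tickets, held_back = group_alerts(SAMPLE)
    for t in tickets:
        print(t["sid"], t["dst"], t["count"], sorted(t["sources"]))
    print("held back:", held_back)
```

Five sample alerts produce two tickets here, and the third group (the same signature reappearing after the window) is held back by the cap instead of opening another ticket automatically.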