Snort mailing list archives
This has real potential
From: Alex Tatistcheff <alex.tatistcheff () gmail com>
Date: Fri, 26 Feb 2010 13:36:58 -0700
There's a new Perl script on the block and it has HUGE potential to help Snort admins tune their installations. You're probably aware of the host attribute table feature where you create an .XML file describing the hosts on your network, then feed that into Snort. The key phrase here is "you create". In the past this was a very labor intensive process and could prove daunting if you have a large or fairly dynamic network. Just recently Parker Crook (one sharp individual) has written a script to create this host attribute .XML file from output obtained from the nmap scanner. The script is new and could use some testing from the community. However, the concept is sound and the value of automatically creating this file is significant. It's mentioned in a blog at http://global-security.blogspot.com/2010/02/hogging-snort-host-attribute-table.html The project, which is called Hogger (what a cool name) is available on Google Code at http://code.google.com/p/hogger Alex Tatistcheff alext () pobox com
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- This has real potential Alex Tatistcheff (Feb 26)
- Re: This has real potential Crook, Parker (Feb 26)
- Re: This has real potential Edward Bjarte Fjellskål (Feb 26)