Snort mailing list archives
Re: What makes a complete IDS package?
From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Fri, 18 Mar 2011 10:08:55 -0600
Here's what I currently have and I think is pretty much the minimum for any security shop running IDS/IPS (substitute your favorite software, but since this is a snort list, we're probably all using snort.) Snort Barnyard2 Pulledpork (VRT + ET rules) PRADS or Hogger to build host_attribute table BASE (could be any of the good alert viewers) Syslog to SIEM Integration to Systems Management or Vulnerability Management Systems Full packet capture/stream capture for further analysis of events ________________________________ From: James Lay [mailto:jlay () slave-tothe-box net] Sent: Friday, March 18, 2011 5:38 AM To: Snort Subject: [Snort-users] What makes a complete IDS package? So.....topic says it all. We all know Snort in and of itself isn't what say...a CEO would call a complete IDS package. That being said, what addons are really required, to you, to make it so? As much as I loath the LAMP environment, it seems like that's pretty much the only option if you want reporting. I'm currently using snortalog (modified since it's old) from syslog, and oinkmaster...what else is there besides LAMP above? I know there's barnyard2 for piping unified to mysql, but to be honest, the less processes I have running on my IDS, the better in my mind. Can anyone add to my list below? Thanks for anything you can add. Reporting: LAMP, Barnyard2 & Base Sguil Snorby Rules management: Oinkmaster Pulled pork
------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- What makes a complete IDS package? James Lay (Mar 18)
- Re: What makes a complete IDS package? Jefferson, Shawn (Mar 18)
- Re: What makes a complete IDS package? Joel Esler (Mar 18)
- Re: What makes a complete IDS package? James Lay (Mar 19)
- Re: What makes a complete IDS package? Joel Esler (Mar 19)
- Re: What makes a complete IDS package? Martin Holste (Mar 21)
- Re: What makes a complete IDS package? Joel Esler (Mar 21)
- Re: What makes a complete IDS package? Jefferson, Shawn (Mar 21)
- Re: What makes a complete IDS package? Joel Esler (Mar 21)
- Re: What makes a complete IDS package? James Lay (Mar 19)