Snort mailing list archives

Re: snort web interface


From: Richard Bejtlich <taosecurity () gmail com>
Date: Fri, 26 Aug 2011 21:29:01 -0400

On Tue, Aug 23, 2011 at 7:04 PM, alexus <alexus () gmail com> wrote:
> I was wondering what's popular/good web interfaces these days?


What a great thread!!

The best interface for you is the one that meets your analytical workflow.

If you just want to look at alerts, tailing the alert file might be
sufficient.  (Welcome to 1998.)

If you want to follow NSM, you need something that provides access to
all the NSM data types.

If you want to operationalize incident detection and response, you
also need the capability to escalate and resolve incidents.

Also: anyone scared of trying to install Sguil should try
securityonion.blogspot.com, a live Xubuntu distro.  Eventually Doug
will add other interfaces and frameworks to the distro, so the desired
console throwdown could be done in a single bundle!

Sincerely,

Richard
