Snort mailing list archives

Re: Comment Request


From: "Castle, Shane" <scastle () bouldercounty org>
Date: Tue, 13 Nov 2012 17:36:52 +0000

That said, adding HIDS and/or multiple NIDS sensors within the network at various strategic points can be useful. OTOH, 
this can bury you in log files if not done judiciously.

-- 
Shane Castle
Data Security Mgr, Boulder County IT

-----Original Message-----
From: Jeremy Hoel [mailto:jthoel () gmail com] 
Sent: Tuesday, November 13, 2012 10:31
To: wkitty42 () windstream net
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Comment Request

Bro doesn't use snort at its core and can do more anomaly type
detection, along with giving a better idea what's going on in the
network. It gives a lot of data, but can be tuned to reduce part of
that.  It's a very neat tool.



On Tue, Nov 13, 2012 at 10:02 AM, waldo kitty <wkitty42 () windstream net> wrote:
On 11/10/2012 02:43, HamidReza Ghorbani wrote:
The goal is to address shortcomings of Signature based IDS (like SNORT)
with one of the approaches above.
It is important that the selected approach is compatible with SNORT, when
implementing.

ummm... i believe that if you dig deeper into those projects you mentioned,
you'll find that they use snort internally... suricata doesn't as it is a
different engine but it, too, is rules based... how else would you expect them
to work and be customizable as to what they detect on your network??


------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

