Snort mailing list archives
Re: Comment Request
From: "Castle, Shane" <scastle () bouldercounty org>
Date: Tue, 13 Nov 2012 17:36:52 +0000
That said, adding HIDS and/or multiple NIDS sensors within the network at various strategic points can be useful. OTOH, this can bury you in log files if not done judiciously.

--
Shane Castle
Data Security Mgr, Boulder County IT

-----Original Message-----
From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Tuesday, November 13, 2012 10:31
To: wkitty42 () windstream net
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Comment Request

Bro doesn't use snort at its core and can do more anomaly type detection, along with giving a better idea what's going on in the network. It gives a lot of data, but can be tuned to reduce part of that. It's a very neat tool.

On Tue, Nov 13, 2012 at 10:02 AM, waldo kitty <wkitty42 () windstream net> wrote:

On 11/10/2012 02:43, HamidReza Ghorbani wrote:

The goal is to address shortcomings of Signature based IDS (like SNORT) with one of the approaches above. It is important that the selected approach is compatible with SNORT, when implementing.

ummm... i believe that if you dig deeper into those projects you mentioned, you'll find that they use snort internally... suricata doesn't as it is a different engine but it, too, is rules based... how else would you expect them to work and be customizable as to what they detect on your network??

------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Comment Request HamidReza Ghorbani (Nov 13)
- Re: Comment Request waldo kitty (Nov 13)
- Re: Comment Request Jeremy Hoel (Nov 13)
- Re: Comment Request Castle, Shane (Nov 13)
- Re: Comment Request Jeremy Hoel (Nov 13)
- Re: Comment Request livio Ricciulli (Nov 13)
- Re: Comment Request waldo kitty (Nov 13)