Snort mailing list archives
Re: Barnyard2 alternatives?
From: Doug Burks <doug.burks () gmail com>
Date: Tue, 4 Aug 2015 09:27:07 -0400
On Tue, Aug 4, 2015 at 8:53 AM, Richard Monk <rmonk () redhat com> wrote:
> We took a look at Sguil/Squert and were unimpressed with the feature set (in fact, we're slowly getting rid of snorby for the same reason). I'll take a look again. Right now, we like having the packet data that comes with "native" DB storage, although we're spinning up full packet capture/Bro to offset needing that as well.
The Sguil database stores the same alert payload data that the Snorby database does. In addition, Sguil makes it very easy to pivot to full packet capture. You can also easily add a hook to Sguil/Squert to search for relevant Bro logs.

--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
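The "hook to search for relevant Bro logs" mentioned in the reply above is easy to sketch. What follows is an added example, not code from Sguil, Squert or Security Onion: it takes an alert in the form Sguil stores it (a UTC timestamp plus the source/destination 5-tuple) and finds the Bro conn.log records for that connection, or for all traffic between the two hosts, inside a time window. The conn.log sample is constructed and uses only a subset of Bro's real conn.log columns (the parser keys off the `#fields` header, as Bro's own ASCII format does), and the function names, the 60-second default window and the alert values are assumptions made for the illustration.

```python
"""Pivot from an IDS alert (as Sguil stores it: UTC timestamp plus 5-tuple)
to the matching Bro conn.log records.  Added example, not Sguil's own hook."""
from datetime import datetime, timezone

# Constructed sample of a Bro conn.log.  Real conn.log files carry more
# columns; the parser only relies on the '#fields' header, so a subset is fine.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "\t".join(["#fields", "ts", "uid", "id.orig_h", "id.orig_p",
               "id.resp_h", "id.resp_p", "proto", "service", "conn_state"]),
    "\t".join(["#types", "time", "string", "addr", "port",
               "addr", "port", "enum", "string", "string"]),
    "\t".join(["1438694750.123456", "CAbc1", "10.0.0.5", "51234",
               "192.0.2.10", "80", "tcp", "http", "SF"]),
    "\t".join(["1438694827.501000", "CDef2", "10.0.0.5", "51240",
               "192.0.2.10", "80", "tcp", "http", "SF"]),
    "\t".join(["1438694830.000000", "CGhi3", "10.0.0.7", "44444",
               "198.51.100.3", "443", "tcp", "ssl", "SF"]),
    "\t".join(["1438694900.250000", "CJkl4", "10.0.0.5", "51260",
               "192.0.2.10", "80", "tcp", "-", "S0"]),
    "#close\t2015-08-04-13-30-00",
])


def parse_bro_log(text):
    """Parse Bro's tab-separated ASCII log format into a list of dicts.

    Column names come from the '#fields' header; the '#unset_field' marker
    (normally '-') is mapped to None so callers can tell 'unset' from data.
    """
    fields, unset, records = None, "-", []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            parts = line.split("\t")
            if parts[0] == "#fields":
                fields = parts[1:]
            elif parts[0] == "#unset_field" and len(parts) > 1:
                unset = parts[1]
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("column count mismatch: %r" % line)
        records.append({k: (None if v == unset else v)
                        for k, v in zip(fields, values)})
    return records


def sguil_ts_to_epoch(ts_text):
    """Sguil stores event timestamps as 'YYYY-MM-DD HH:MM:SS' in UTC; Bro
    logs use epoch seconds, so convert before comparing."""
    dt = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
    return dt.replace(tzinfo=timezone.utc).timestamp()


def find_related_conns(records, alert_ts, src_ip, src_port, dst_ip, dst_port,
                       proto="tcp", window=60.0, match_ports=True):
    """Return the uids of conn.log records within +/-window seconds of the
    alert that involve the alert's hosts.  With match_ports=True the full
    5-tuple must match in either direction (Snort's 'source' is not always
    Bro's originator); with match_ports=False every connection between the
    two hosts in the window is returned, the usual next pivot for an analyst.
    """
    want = {(src_ip, str(src_port), dst_ip, str(dst_port)),
            (dst_ip, str(dst_port), src_ip, str(src_port))}
    hosts = {src_ip, dst_ip}
    hits = []
    for r in records:
        if r.get("ts") is None or r.get("proto") != proto:
            continue
        if abs(float(r["ts"]) - alert_ts) > window:
            continue
        tup = (r["id.orig_h"], r["id.orig_p"], r["id.resp_h"], r["id.resp_p"])
        if match_ports and tup in want:
            hits.append(r["uid"])
        elif not match_ports and {tup[0], tup[2]} == hosts:
            hits.append(r["uid"])
    return hits


if __name__ == "__main__":
    conns = parse_bro_log(SAMPLE_CONN_LOG)
    # Constructed alert as Sguil would hold it: UTC timestamp and 5-tuple.
    t = sguil_ts_to_epoch("2015-08-04 13:27:07")
    print(find_related_conns(conns, t, "10.0.0.5", 51240, "192.0.2.10", 80))
    print(find_related_conns(conns, t, "192.0.2.10", 80, "10.0.0.5", 51240,
                             window=120, match_ports=False))
```

Against the constructed log, the exact 5-tuple search returns only the connection the alert fired on (`CDef2`), while the host-pair search with a wider window also returns the earlier HTTP session and the later half-open (`S0`) attempt between the same hosts, which is the context an analyst wants before deciding whether to pull the full packet capture. In a real deployment the same logic would run against the conn.log for the alert's day (or a Bro log store such as ELSA), and the `uid` values can then be used to join into Bro's http.log, ssl.log and files.log.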
Current thread:
- Barnyard2 alternatives? Richard Monk (Aug 04)
- Re: Barnyard2 alternatives? Doug Burks (Aug 04)
- Re: Barnyard2 alternatives? Richard Monk (Aug 04)
- Re: Barnyard2 alternatives? Doug Burks (Aug 04)
- Re: Barnyard2 alternatives? Jaime Nebrera (Aug 06)
- Re: Barnyard2 alternatives? Richard Monk (Aug 04)
- Re: Barnyard2 alternatives? Jim Hranicky (Aug 04)
- Re: Barnyard2 alternatives? Doug Burks (Aug 04)