Educause Security Discussion mailing list archives

Re: Snort Reporting


From: "King, Ronald A." <raking () NSU EDU>
Date: Tue, 28 Apr 2009 11:27:02 -0400

SNORT is great.  We use it as a check system for our IPS as well as general
notifications/correlation.  However, it is a bit of a beast.  I would
recommend the Sourcefire training for the novice.  I took it and now realize
our implementation would not be as good had I not.



Ronald King
Security Engineer
Norfolk State University
Marie V. McDemmond Center for Applied Research
Suite 401
700 Park Ave.
Norfolk, Virginia  23504
Phone:  757-823-3918
Email: raking () nsu edu
http://security.nsu.edu



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Leon DuPree
Sent: Monday, April 27, 2009 1:20 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Snort Reporting



Thanks.



I had a company that wants an IDS system but they are expensive so I was
thinking of using SNORT to save money





On Mon, Apr 27, 2009 at 10:41 AM, Hammond, Stanley <shammond () capecod edu>
wrote:

We configured the IDS.  Unless there is a need for the extra modules that
are commercially available from Prelude Technologies, the free libraries and
prelude manager should be able to provide some of the reporting features
needed.

---

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Leon DuPree
Sent: Friday, April 24, 2009 6:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Snort Reporting


Snort is open source. "Free"?  Did you configure the IDS or someone else?





On Fri, Apr 24, 2009 at 7:56 AM, Hammond, Stanley <shammond () capecod edu>
wrote:
We use Snort with Prelude IDS (http://www.prelude-ids.com).
Snort needs to be (re)compiled with the Prelude library, and the Prelude
manager can email notifications based on different triggers.

Stan Hammond
Information Security Specialist
Cape Cod Community College
West Barnstable, MA


From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of King, Ronald A.
Sent: Thursday, April 23, 2009 4:25 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Snort Reporting

We have deployed Snort configured to use MySQL through Barnyard with BASE as
the reporting tool.  We are looking for an open source utility to monitor
the database and generate email notifications on certain triggers like
filter name, classification or SID.  Does anyone have suggestions?

Thank you.

Ronald King
Security Engineer
Norfolk State University
Marie V. McDemmond Center for Applied Research
Suite 401
700 Park Ave.
Norfolk, Virginia  23504
Phone:  757-823-3918
Email: raking () nsu edu
http://security.nsu.edu





--
EIM Consulting
PO Box 320822
Flint Township, MI 48532
Leon DuPree B.S MBA
Chief Security Consultant
Phone: 810-569-6427
Fax: 270- 447-3872





