IDS mailing list archives
RE: ISS and Snort logs
From: Luke Leboeuf <luke () arcsight com>
Date: Fri, 11 Apr 2003 15:14:10 -0700
Probably not, seeing as the event collector would not have any key for the Snort sensor. However, if you could figure out some way to normalize Snort's events to the ISS database schema, create a DB user for the Snort sensor to have write access to the SQL DB, and figure out a way for the sensor to make ODBC calls to the ISSED database to insert events, I guess, in theory, it could be possible. If you get it to work, let everyone know.

There are other applications that you can use to bring your Snort logs and your ISS SiteProtector logs into one usable database and correlation engine (like the free Acid). They usually cost a pretty penny.

Good luck!

Luke LeBoeuf
ArcSight, Inc.
(c) 571.331.5142
(e) luke () arcsight com
http://www.arcsight.com

-----Original Message-----
From: Scott M. Algatt [mailto:salgatt () turtleshell net]
Sent: Tuesday, April 08, 2003 10:26 AM
To: focus-ids () securityfocus com
Subject: ISS and Snort logs

I am trying to see if there is a way to have ISS's SiteProtector receive Snort logs realtime?

Regards,
Scott M. Algatt

Behold the turtle. He makes progress only when he sticks his neck out.