Re: Correlation tool

[nyec <nyec () pacbell net>]

Try Barnyard. It can be found here: http://www.snort.org/dl/
There's other goodies on this page too. Of course it's free, and as Matt 
correctly points out, "it's Open Source." Which of course means you don't 
need to pay Matt a bunch of money for buggy software and you have access to 
the source code to modify and possible help others out. 

On Tuesday 17 June 2003 8:23 am, Matthew F. Caldwell wrote:
> Thomas,
>
>       You may want to take a look at the open source tool "Simple
> Event Correlator".  http://kodu.neti.ee/~risto/sec/
>
> The website claims to aggregate and correlate Event Data from the Snort
> IDS. The level of correlation is pretty simple from my understanding
> however it is Open Source. So add mod add away!
>
> If you interested in something a bit more on the scalable/robust with
> extensible open architecture. I would invite you to check out Guarded
> Net's neuSecure product.
>
>
> Matt
>
> Matthew F. Caldwell, CISSP
> Founder and Chief Security Officer
> GuardedNet, Inc.
> www.guarded.net
>
>
> -----Original Message-----
> From: Thomas Seibel [mailto:Thomas.Seibel () controlware de]
> Sent: Tuesday, June 17, 2003 10:00 AM
> To: focus-ids () securityfocus com
> Subject: Correlationtool
>
> Hello,
>
> does someone knows if there is an opensource tool which can correlate
> IDS-Data from Snort?
>
> Regards,
> Tom
>
>
> ------------------------------------------------------------------------
> -------
> Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas,
> the
> world's premier technical IT security event! 10 tracks, 15 training
> sessions,
> 1,800 delegates from 30 nations including all of the top experts, from
> CSO's to
> "underground" security specialists.  See for yourself what the buzz is
> about!
> Early-bird registration ends July 3.  This event will sell out.
> www.blackhat.com
> ------------------------------------------------------------------------
> -------
>
>
> ---------------------------------------------------------------------------
> ---- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas,
> the world's premier technical IT security event! 10 tracks, 15 training
> sessions, 1,800 delegates from 30 nations including all of the top experts,
> from CSO's to "underground" security specialists.  See for yourself what
> the buzz is about! Early-bird registration ends July 3.  This event will
> sell out. www.blackhat.com
> ---------------------------------------------------------------------------
> ----


-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists.  See for yourself what the buzz is about!
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------