IDS mailing list archives

RE: dragon and snort logs


From: "Golomb, Gary" <GGolomb () enterasys com>
Date: Wed, 14 May 2003 11:46:14 -0400


*** Moderator: While this message is not the most vendor-neutral post I
have ever made, there is no other way to reply to the previous message.
I hope you understand. Please let me know if anything should be changed
as the points made by Brian should be responsibly addressed. Thanks!


It is a fairly common occurrence for Enterasys customers to use snort.

So common that Enterasys distributes utilities to convert snort signatures
into a policy lib file so you can use their HIDS to monitor snort log files.

Brian is absolutely correct. Many people start using Snort since they
first learn how to use IDS through courses like SANS and other
introductory courses. Additionally, since Snort is free, it is easy for
administrators to use it for initial design and implementation testing.
We've seen many people do this while testing solutions from vendors. 

After the initial stages of an IDS network design, many people upgrade
to commercial implementations. When they do, we try our best to support
any existing infrastructure they may have. If they have already taken
the time to write custom signatures for their existing IDS, we will work
with them to import those to Dragon, since Dragon is one of the few
commercial solutions to have a fully open signature set - whether the
initial implementation was Snort or otherwise. Interestingly enough,
we're running into Snort less and less. Now we're needing to convert
signatures from the other market leaders since they are starting to open
up the ability to write custom detection routines. 

The tool you reference is one of the tools which Dragon customers have
developed for the Dragon community. Being on the Dragonuser mailing
list, you should know about how people contribute data mining tools,
signatures, and other conversion utilities. If you have missed those,
they are freely available on our support site. 


Ask your Enterasys support person for help if you can't figure out their
tools.


In addition to field support engineers all over the world, you can also
utilize our global support call centers, or the rest of the Dragon
community on the Dragonuser list. 

