Penetration Testing mailing list archives
Re: Software to Correlate traffic from various devices
From: "M.B.Jr." <marcio.barbado () gmail com>
Date: Fri, 31 Jul 2009 14:05:43 -0300
Dear Aseem,

On Sat, Jul 25, 2009 at 8:06 AM, Aseem Kumar<kumaraseem () gmail com> wrote:
> I am looking for an application that will allow me to write logic to correlate alerts that can be fed in the format of (device type, alarm name (from snort ids specifically), severity level, source ip, source port, destination ip, destination port, timestamp & event count) from a csv file. The application need not be too fancy GUI kind, but one with a simple interface but allows me to write logics using complex combinations of various fields in various stages.

Snort's already able to perform that correlation, provided with some of its enhancement add-ons. I guess (as far as I remember) there's this report add-on, with functionalities close to the ones you described.

Regards,

--
Marcio Barbado, Jr.
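The kind of staged, multi-field correlation asked for in the quoted request can be sketched in a few lines of Python. This is an added example, not part of the original thread and not code from Snort or any of its add-ons; the column names, the alarm names, the severity scale and the two-stage rule are all assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Column order as listed in the request; the names themselves are assumptions.
FIELDS = ["device_type", "alarm_name", "severity", "src_ip", "src_port",
          "dst_ip", "dst_port", "timestamp", "event_count"]

# Constructed sample alerts (documentation IP ranges, made-up alarm names).
SAMPLE_CSV = """\
snort,SSH brute force attempt,2,203.0.113.7,40112,192.0.2.10,22,2009-07-25 08:00:05,14
firewall,Deny inbound,3,198.51.100.9,5353,192.0.2.20,445,2009-07-25 08:00:40,1
firewall,Accept inbound,1,203.0.113.7,40250,192.0.2.10,22,2009-07-25 08:02:30,1
snort,SSH brute force attempt,2,198.51.100.9,41000,192.0.2.30,22,2009-07-25 08:10:00,12
firewall,Accept inbound,1,198.51.100.9,41200,192.0.2.30,22,2009-07-25 09:30:00,1
"""

def load_alerts(text):
    alerts = []
    for row in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        for key in ("severity", "src_port", "dst_port", "event_count"):
            row[key] = int(row[key])
        row["timestamp"] = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        alerts.append(row)
    return alerts

# Each stage is a predicate over (event, earlier events in the chain).
RULE = [
    # Stage 1: repeated IDS alert; assumes a larger severity number is worse.
    lambda ev, chain: ev["device_type"] == "snort" and ev["severity"] >= 2
        and ev["event_count"] >= 10,
    # Stage 2: a firewall then accepts the same source to the same service.
    lambda ev, chain: ev["device_type"] == "firewall"
        and ev["alarm_name"] == "Accept inbound"
        and all(ev[k] == chain[0][k] for k in ("src_ip", "dst_ip", "dst_port")),
]

def correlate(alerts, stages, window):
    partial, complete = [], []
    for ev in sorted(alerts, key=lambda a: a["timestamp"]):
        # Expire chains whose first event fell out of the time window.
        partial = [c for c in partial if ev["timestamp"] - c[0]["timestamp"] <= window]
        grown = [c + [ev] for c in partial if stages[len(c)](ev, c)]
        if stages[0](ev, []):
            grown.append([ev])
        for chain in grown:
            (complete if len(chain) == len(stages) else partial).append(chain)
    return complete
```

Calling `correlate(load_alerts(SAMPLE_CSV), RULE, timedelta(minutes=5))` returns one chain for the constructed data; the second source's firewall accept arrives after the window has expired and is not correlated.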
Current thread:
- Software to Correlate traffic from various devices Aseem Kumar (Jul 27)
- Re: Software to Correlate traffic from various devices Miguel Tubía (Jul 27)
- Re: Software to Correlate traffic from various devices Aseem Kumar (Jul 28)
- Re: Software to Correlate traffic from various devices Yiannis Koukouras (Jul 30)
- Re: Software to Correlate traffic from various devices A K (Jul 30)
- Re: Software to Correlate traffic from various devices Jon Hart (Jul 31)
- Re: Software to Correlate traffic from various devices Aseem Kumar (Jul 28)
- Re: Software to Correlate traffic from various devices Miguel Tubía (Jul 27)