Penetration Testing mailing list archives

Re: Software to Correlate traffic from various devices


From: "M.B.Jr." <marcio.barbado () gmail com>
Date: Fri, 31 Jul 2009 14:05:43 -0300

Dear Aseem,


On Sat, Jul 25, 2009 at 8:06 AM, Aseem Kumar<kumaraseem () gmail com> wrote:

I am looking for an application that will allow me to write logic to
correlate alerts that can be fed in the format of (device type, alarm
name (from Snort IDS specifically), severity level, source IP, source
port, destination IP, destination port, timestamp & event count) from
a CSV file.
The application need not be of the fancy GUI kind; one with a simple
interface is fine, but it must allow me to write logic using complex
combinations of various fields in various stages.


Snort's already able to perform that correlation when provided with some
of its enhancement add-ons. I guess (as far as I remember) there's
this report add-on, with functionality close to the one you
described.

Regards,

-- 
Marcio Barbado, Jr.
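As an added illustration of the kind of staged, multi-field correlation logic the original question asks for (this is example code written for this archive page, not code from the thread, from Snort, or from any Snort report add-on), the following Python script parses alerts in the CSV field order Aseem listed, defines per-alert predicates as plain functions, and then applies a cross-field rule over (source IP, destination IP) groups inside a time window. The column names, the five sample rows, the five-minute window and the "1 = highest priority" severity convention are all assumptions made for the example.

```python
"""Minimal staged alert-correlation engine over a CSV alert feed.

Example code added to the archive page; not from the thread or from Snort.
Assumes the column order from the original post: device type, alarm name,
severity, source ip, source port, destination ip, destination port,
timestamp, event count. The header names below are our own choice.
"""
import csv
import io
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample input (not real alerts) in the field order from the post.
SAMPLE_CSV = """device,alarm,severity,src_ip,src_port,dst_ip,dst_port,timestamp,count
snort,ET SCAN Nmap SYN scan,2,10.0.0.5,44123,192.168.1.10,22,2009-07-25 08:00:01,40
snort,ET SCAN Nmap SYN scan,2,10.0.0.5,44124,192.168.1.10,80,2009-07-25 08:00:03,35
snort,SSH brute force attempt,1,10.0.0.5,50000,192.168.1.10,22,2009-07-25 08:01:10,12
firewall,DENY inbound,3,10.0.0.5,50001,192.168.1.10,3389,2009-07-25 08:01:30,5
snort,ET SCAN Nmap SYN scan,2,10.0.0.7,40000,192.168.1.20,443,2009-07-25 09:30:00,3
"""


@dataclass
class Alert:
    device: str
    alarm: str
    severity: int
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    ts: datetime
    count: int


def parse_alerts(text):
    """Stage 0: turn CSV rows into typed Alert records; skip malformed rows."""
    alerts = []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            alerts.append(Alert(
                device=row["device"].strip(),
                alarm=row["alarm"].strip(),
                severity=int(row["severity"]),
                src_ip=row["src_ip"].strip(),
                src_port=int(row["src_port"]),
                dst_ip=row["dst_ip"].strip(),
                dst_port=int(row["dst_port"]),
                ts=datetime.strptime(row["timestamp"].strip(), "%Y-%m-%d %H:%M:%S"),
                count=int(row["count"]),
            ))
        except (KeyError, ValueError):
            continue  # one bad row must not abort the whole batch
    return alerts


# Stage 1: single-alert predicates. Plain functions so they can be combined
# with and/or/not exactly like any other boolean expression.
def is_snort(a):
    return a.device == "snort"


def is_scan(a):
    return is_snort(a) and "SCAN" in a.alarm.upper()


def is_high_sev(a):
    # Assumption: Snort-style priority where 1 is the most severe.
    return a.severity <= 1


def correlate(alerts, window=timedelta(minutes=5)):
    """Stage 2: group alerts by (src, dst) pair into time-window runs, then
    apply a rule that spans several fields and several alerts in the run."""
    runs_by_pair = defaultdict(list)  # (src_ip, dst_ip) -> list of runs
    for a in sorted(alerts, key=lambda x: x.ts):
        runs = runs_by_pair[(a.src_ip, a.dst_ip)]
        if not runs or a.ts - runs[-1][0].ts > window:
            runs.append([])  # start a new run when the window is exceeded
        runs[-1].append(a)

    incidents = []
    for (src, dst), runs in runs_by_pair.items():
        for run in runs:
            scanned_ports = {a.dst_port for a in run if is_scan(a)}
            follow_up = [a for a in run if is_high_sev(a) and a.dst_port in scanned_ports]
            if scanned_ports and follow_up:  # scan followed by a high-severity hit
                incidents.append({
                    "rule": "scan-then-high-severity-on-scanned-port",
                    "src_ip": src,
                    "dst_ip": dst,
                    "ports": sorted(scanned_ports),
                    "events": sum(a.count for a in run),
                    "corroborated_by": sorted({a.device for a in run} - {"snort"}),
                    "first": run[0].ts,
                    "last": run[-1].ts,
                })
    return incidents


def run_example():
    """Run the full pipeline over the constructed sample feed."""
    return correlate(parse_alerts(SAMPLE_CSV))


if __name__ == "__main__":
    for inc in run_example():
        print(inc)
```

Each stage is independent: a new predicate is one more function, a new cross-alert rule is one more block inside `correlate`, and the window and grouping key can be changed without touching the parser. On the sample feed only the 10.0.0.5 to 192.168.1.10 run matches, since the scan of 10.0.0.7 has no high-severity follow-up.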

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------