Snort mailing list archives
RE: Rule management
From: "Jeff Dell" <jdell () activeworx com>
Date: Tue, 27 Nov 2001 07:40:11 -0500
I have thought about that and I have had a lot of people question me about the choice of win2k. Well, at the time I started it I had to have a win2k workstation at my desk, so I just continued to work with it. I now only work on it on my free time, which is about 5-10 hours a week, so rewriting it for Linux could take some time. The funny thing is that I have never used snort with windows. I have always used it with Linux. Maybe someday I will get off my lazy ass and do something with Linux.

Jeff
-----Original Message-----
From: Jason Lewis [mailto:jlewis () packetnexus com]
Sent: Tuesday, November 27, 2001 7:25 AM
To: 'Jeff Dell'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Rule management

I misspoke and I apologize. I was thinking about IDS Policy Manager and typed IDScenter. I have used it and it is handy. My problem is win2k. heh

Jeff how about a linux version? Or even something web based?

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary.

-----Original Message-----
From: Jeff Dell [mailto:jdell () activeworx com]
Sent: Tuesday, November 27, 2001 7:05 AM
To: jlewis () packetnexus com; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Rule management

I have been working on a tool that does just this: IDS Policy Manager www.activeworx.com. It does complete rule management for Snort. Yes, this tool does reside on Windows 2k, but it handles rules for really any os. One thing it doesn't presently have is automatic rule update. But it does everything else. If that is something that is in high demand, it should be easy enough to do.

To be honest with you, I watch how often the CVS rules get updated and it only happens about once a week. If you modify your ids sensors more than once a week, it is easy enough to just click a button to merge in the new rules as you are modifying them. This way you know exactly which rules were merged in and if you really want them enabled or not. I personally have a hard time just updating the policy without me knowing what changes have been made.

Jeff

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jason Lewis
Sent: Tuesday, November 27, 2001 6:34 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Rule management

I was thinking about all the requests for automatic rule updates. I think this stems from the anti-virus auto update features. The thinking is....the more up to date the sigs are, the better off you are.

What we really need is a rule management tool. IDScenter does some of this, but it runs on Win2k. (You can manage linux sensors too)

Is anyone updating a master rule list and pushing updates to sensors? I have tossed around different ideas for doing this and thought maybe I could get some feedback here. I was thinking a directory structure that had folders for each sensor and rules were updated automatically via scp.

Thoughts?

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
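The reviewed merge discussed in this thread (a master rule list merged into one sensor's rule file, with a report of what changed), as an added example that is not part of the original messages and not code from IDS Policy Manager or IDScenter. It assumes each rule carries a `sid` option and that a disabled rule is one commented out with `#`; the function names and all rule text are constructed for illustration.

```python
import re

# A Snort rule line, optionally commented out ("# alert ..."), carrying a sid option.
RULE_RE = re.compile(r'^(#\s*)?((?:alert|log|pass)\s.*\bsid:\s*(\d+)\s*;.*)$')

def parse_rules(text):
    """Map sid -> (enabled, rule_text); a leading '#' marks a disabled rule."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules[int(m.group(3))] = (m.group(1) is None, m.group(2))
    return rules

def merge(sensor_text, master_text):
    """Merge master rules into a sensor's set; return (merged, report)."""
    cur, new = parse_rules(sensor_text), parse_rules(master_text)
    report = {"added": [], "changed": [], "local_only": sorted(set(cur) - set(new))}
    merged = {sid: cur[sid] for sid in report["local_only"]}  # keep sensor-only rules
    for sid, (enabled, body) in new.items():
        if sid not in cur:
            report["added"].append(sid)
            merged[sid] = (enabled, body)
        else:
            was_enabled, old_body = cur[sid]
            if old_body != body:
                report["changed"].append(sid)
            merged[sid] = (was_enabled, body)  # operator's enable/disable choice wins
    return merged, report

def render(merged):
    """Serialize back to rule-file text, ordered by sid."""
    return "\n".join(("" if en else "# ") + body for _, (en, body) in sorted(merged.items()))

# Constructed sample data (not real signatures).
SENSOR = '''
alert tcp any any -> any 80 (msg:"constructed A"; content:"a"; sid:1000001; rev:1;)
# alert tcp any any -> any 80 (msg:"constructed B"; content:"b"; sid:1000002; rev:1;)
alert tcp any any -> any 25 (msg:"constructed local"; content:"l"; sid:1000009; rev:1;)
'''
MASTER = '''
alert tcp any any -> any 80 (msg:"constructed A"; content:"a"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"constructed B"; content:"b2"; sid:1000002; rev:2;)
alert tcp any any -> any 21 (msg:"constructed C"; content:"c"; sid:1000003; rev:1;)
'''

if __name__ == "__main__":
    merged, report = merge(SENSOR, MASTER)
    print(report)
    print(render(merged))
```

The report is what an operator reads before the merged file is copied to the sensor; a rule the operator disabled stays disabled even when the master copy updates its body.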