Snort mailing list archives
RE: Rule management
From: "Jason Lewis" <jlewis () packetnexus com>
Date: Tue, 27 Nov 2001 07:25:21 -0500
I misspoke and I apologize. I was thinking about IDS Policy Manager and typed IDScenter. I have used it and it is handy. My problem is win2k. heh

Jeff how about a linux version? Or even something web based?

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary.

-----Original Message-----
From: Jeff Dell [mailto:jdell () activeworx com]
Sent: Tuesday, November 27, 2001 7:05 AM
To: jlewis () packetnexus com; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Rule management

I have been working on a tool that does just this: IDS Policy Manager www.activeworx.com. It does complete rule management for Snort. Yes, this tool does reside on Windows 2k, but it handles rules for really any os. One thing it doesn't presently have is automatic rule update. But it does everything else. If that is something that is in high demand, it should be easy enough to do.

To be honest with you, I watch how often the CVS rules get updated and it only happens about once a week. If you modify your ids sensors more than once a week, it is easy enough to just click a button to merge in the new rules as you are modifying them. This way you know exactly which rules were merged in and if you really want them enabled or not. I personally have a hard time just updating the policy without me knowing what changes have been made.

Jeff
-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jason Lewis
Sent: Tuesday, November 27, 2001 6:34 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Rule management

I was thinking about all the requests for automatic rule updates. I think this stems from the anti-virus auto update features. The thinking is....the more up to date the sigs are, the better off you are.

What we really need is a rule management tool. IDScenter does some of this, but it runs on Win2k. (You can manage linux sensors too)

Is anyone updating a master rule list and pushing updates to sensors? I have tossed around different ideas for doing this and thought maybe I could get some feedback here. I was thinking a directory structure that had folders for each sensor and rules were updated automatically via scp.

Thoughts?

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
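Added example, not part of the original thread and not code from IDS Policy Manager or IDScenter: a reviewable merge of a master rule list into one sensor's rule file, of the kind the messages above describe, reporting which rules were added, updated or dropped and keeping the sensor's own enable/disable choices. It assumes every rule carries a `sid` and an optional `rev`; `parse_rules` and `plan_merge` are hypothetical names and the rules are constructed samples.

```python
import re

# A rule line, optionally commented out (disabled), that carries a sid.
RULE_RE = re.compile(r'^(#\s*)?((?:alert|log|pass)\s.*\bsid:\s*(\d+);.*)$')
REV_RE = re.compile(r'\brev:\s*(\d+);')

def parse_rules(text):
    """Map sid -> (enabled, rev, rule_body) for each rule line."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank lines, plain comments, var/include lines
        rev = REV_RE.search(m.group(2))
        rules[int(m.group(3))] = (not m.group(1), int(rev.group(1)) if rev else 0, m.group(2))
    return rules

def plan_merge(master_text, sensor_text):
    """Return (merged_rules_text, report) without touching any file."""
    master, sensor = parse_rules(master_text), parse_rules(sensor_text)
    report, merged = {"added": [], "updated": [], "removed": []}, []
    for sid, (enabled, rev, body) in sorted(master.items()):
        if sid not in sensor:
            report["added"].append(sid)      # new rule: flag it for review
        else:
            local_enabled, local_rev, local_body = sensor[sid]
            if rev > local_rev:
                report["updated"].append(sid)
            else:
                body = local_body            # master is not newer: keep local text
            enabled = local_enabled          # operator's enable/disable choice wins
        merged.append(body if enabled else "# " + body)
    report["removed"] = sorted(set(sensor) - set(master))  # dropped, but reported
    return "\n".join(merged) + "\n", report

# Constructed sample rule sets (not real Snort signatures).
MASTER = """\
alert tcp any any -> any 80 (msg:"EXAMPLE web probe"; content:"/probe"; sid:1000001; rev:2;)
alert tcp any any -> any 21 (msg:"EXAMPLE ftp login"; content:"USER"; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"EXAMPLE dns query"; content:"example"; sid:1000004; rev:1;)
"""
SENSOR = """\
# local policy for sensor-dmz (constructed sample)
alert tcp any any -> any 80 (msg:"EXAMPLE web probe"; content:"/probe"; sid:1000001; rev:1;)
# alert tcp any any -> any 21 (msg:"EXAMPLE ftp login"; content:"USER"; sid:1000002; rev:1;)
alert icmp any any -> any any (msg:"EXAMPLE ping"; sid:1000003; rev:1;)
"""

if __name__ == "__main__":
    print(*plan_merge(MASTER, SENSOR), sep="\n")
```

The merged text would be written into that sensor's folder and copied out (for example with scp) only after the report has been read.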