RE: Looking for tool to generate isp/domain notific ation emails....

["Potts, Ross A." <RPOTTS () NORTHROPGRUMMAN COM>]

Well, SnortSnarf will at least can the whois lookups for you on a number of
sites.  I use webalizer in conjunction because It will reverse lookup at
least what hits the webserver.  I have thus far unsuccessfully tested
reconfiguring Snarf to do a few extra things to make my life easier.  I'm
getting closer!
 
 
 
 -----Original Message-----
From: Kevin Riggins [mailto:kriggins () comdev com]
Sent: Friday, May 10, 2002 9:17 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Looking for tool to generate isp/domain notification
emails....



Once upon a time, I seem to remember seeing a tool that would parse snort
logs, perform the dns/revers/whaterver lookups, generate and send and email
to the parties concerned about an intrusion attempt.  Does anybody know
where I can get something like this?  I use aris.securityfocus.com right
now, but it is very time consuming.  I could roll my own, but, you know,
wheel, reinvent, etc...

 

TIA,

Kevin Riggins

Quester Research

2910 Westown Parkway

Suite 100

West Des Moines, IA 50266

mailto: kriggins () comdev com

phone: +1 (515) 225-2500 x 257

cell: +1 (515) 202-2306