Snort mailing list archives
RE: ACID enhancement
From: "Hicks, John" <JHicks () JUSTICE GC CA>
Date: Fri, 7 Jun 2002 15:43:19 -0400
My favourite ACID enhancement to date is my silly little link between my Live data and my Archive. Makes my life a lot easier.

JH

-----Original Message-----
From: Kristopher Czachor [mailto:czachor () syrres com]
Sent: Thursday, June 06, 2002 9:07 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] ACID enhancement

I'm not sure if this is the right place to post this or if Roman is on this list.

I'm using the Snort+MySQL+ACID combo for my network and I'd really like to see an improvement on the reporting of portscans in ACID. I'd love there to be a report that has a summary of portscans which would show the scanner's IP address, maybe the address it resolves to, the ports they were hitting and possibly the other number of unique events associated with that address and maybe a count of those unique events. I think it would give me a better single place to look to get an idea of who's actively targeting me versus just blasting me with portscans.

Anyone out there in agreement with this? Is there another program that will do that that I'm not aware of?

My $.02,
Kris