RE: ACID enhancement

["Hicks, John" <JHicks () JUSTICE GC CA>]

My favourite ACID enhancement to date is my silly little link between my
Live data and my Archive. Makes my life alot easier.
 
JH

-----Original Message-----
From: Kristopher Czachor [mailto:czachor () syrres com]
Sent: Thursday, June 06, 2002 9:07 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] ACID enhancement



I'm not sure if this is the right place to post this or if Roman is on this
list. I'm using the Snort+MySQL+ACID combo for my network and I'd really
like to see an improvement on the reporting of portscans in ACID. I'd love
there to be a report that has a summary of portscans which would show the
scanner's IP address, maybe the address it resolves to, the ports they were
hitting and possibly the other number of unique events associated with that
address and maybe a count of those unique events. I think it would give me a
better single place to look to get an idea of who's actively targeting me
versus just blasting me with portscans. Anyone out there in agreement with
this?  Is there another program that will do that that I'm not aware of? 

 

My $.02,

Kris