Snort mailing list archives
Re: Using Spade
From: James Hoagland <jim () SiliconDefense com>
Date: Sun, 9 Feb 2003 20:45:28 -0800
At 9:05 AM -0800 2/9/03, Mahdi Kefayati wrote:
> In the Name of the Dearest
> I know about snortsnarf but as far as I know it works on local logs, not a database.
SnortSnarf can read from a Snort database as well (even with Oracle with the latest SnortDBInput).
> Also I'm not sure about its statistical analysis - I mean calculating correlation between alerts from multiple sensors and so on besides understandable graphs based on the logs.
SnortSnarf does some correlation, but it is pretty simple (e.g., grouping things with the same source IP or the same signature together).
> Also snortsnarf works on logs but Spade is an anomaly detection
SnortSnarf can process Spade reports from log or from a database. In fact, it presents Spade alerts in a special section.
> , and I think snort has no other such plug-in.
As far as I know, Spade is the only statistical anomaly detector available for Snort.
Kind regards,

Jim

--
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: The Cyberwar Defense Company --- *|
|* jim () SiliconDefense com, http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|