Snort mailing list archives

Re: Using Spade


From: James Hoagland <jim () SiliconDefense com>
Date: Sun, 9 Feb 2003 20:45:28 -0800

At 9:05 AM -0800 2/9/03, Mahdi Kefayati wrote:
> In the Name of the Dearest
> 
> I know about snortsnarf but as far as I know it works on local logs not database.

SnortSnarf can read from a Snort database as well (even with Oracle with the latest SnortDBInput).

> also I'm not sure about its statistical analysis, I mean calculating correlation between alerts from multiple sensors and so on, besides understandable graphs based on the logs.

SnortSnarf does some correlation, but it is pretty simple (e.g., grouping things with the same source IP or the same signature together).


> Also snortsnarf works on logs but Spade is an anomaly detection

SnortSnarf can process Spade reports from log or from a database. In fact, it presents Spade alerts in a special section.

> , and I think snort has no other such plug-in.

As far as I know, Spade is the only statistical anomaly detector available for Snort.

Kind regards,

  Jim
--
|*     Jim Hoagland, Associate Researcher, Silicon Defense     *|
|*    --- Silicon Defense: The Cyberwar Defense Company ---    *|
|*   jim () SiliconDefense com, http://www.silicondefense.com/    *|
|*  Voice: (530) 756-7317                 Fax: (530) 756-7297  *|
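Jim describes SnortSnarf's correlation as simple grouping: alerts with the same source IP or the same signature land together, and Spade alerts get their own section. The script below is an added illustration of that grouping style written for this archive page; it is not SnortSnarf's code. It assumes Snort's "alert_fast" one-line format, and the sample lines, the rule SIDs and the Spade message prefix "spp_spade:" (with generator id 104) are constructed for the example rather than taken from real traffic.

```python
"""Group Snort alert_fast lines the way a simple correlator would:
by source IP, by signature, and with anomaly-detector (Spade) alerts
set aside in their own section.  Added example, not SnortSnarf code."""
import re
from collections import defaultdict

# Constructed sample alerts in Snort "alert_fast" style (RFC 5737 test addresses).
# The Spade line assumes a "[104:x:x] spp_spade: ..." message format; that is an
# assumption made for this example, check your own Spade version's output.
SAMPLE_ALERTS = """\
02/09-09:05:01.123456 [**] [1:1000001:1] EXAMPLE scan probe [**] [Priority: 2] {TCP} 10.0.0.5:40211 -> 192.0.2.10:22
02/09-09:05:02.223456 [**] [1:1000001:1] EXAMPLE scan probe [**] [Priority: 2] {TCP} 10.0.0.5:40212 -> 192.0.2.11:22
02/09-09:05:03.323456 [**] [1:1000002:1] EXAMPLE web probe [**] [Priority: 3] {TCP} 10.0.0.5:40213 -> 192.0.2.12:80
02/09-09:05:04.423456 [**] [104:1:1] spp_spade: Closed dest port used [**] [Priority: 2] {TCP} 198.51.100.7:5555 -> 192.0.2.13:1433
02/09-09:05:05.523456 [**] [1:1000002:1] EXAMPLE web probe [**] [Priority: 3] {TCP} 198.51.100.7:5556 -> 192.0.2.12:80
"""

# One alert_fast line: timestamp, [gid:sid:rev], message, ..., {proto} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\S+) \[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\]"
    r".*?\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

SPADE_PREFIX = "spp_spade:"  # assumed message prefix used to recognise Spade alerts


def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not an alert_fast record."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev"):
        rec[key] = int(rec[key])
    for key in ("sport", "dport"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec


def summarize(text):
    """Group parsed alerts by source IP and by signature; split Spade alerts out."""
    by_src = defaultdict(int)
    by_sig = defaultdict(int)
    spade = []
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_alert(line)
        if rec is None:
            skipped += 1          # unparseable line: count it rather than silently drop it
            continue
        by_src[rec["src"]] += 1
        by_sig[rec["msg"]] += 1
        if rec["msg"].startswith(SPADE_PREFIX):
            spade.append(rec)
    return {"by_src": dict(by_src), "by_sig": dict(by_sig), "spade": spade, "skipped": skipped}


def report(summary):
    """Render the grouping as plain text, most active source first."""
    lines = ["Alerts by source IP:"]
    for src, n in sorted(summary["by_src"].items(), key=lambda kv: -kv[1]):
        lines.append(f"  {src:<16} {n}")
    lines.append("Alerts by signature:")
    for sig, n in sorted(summary["by_sig"].items(), key=lambda kv: -kv[1]):
        lines.append(f"  {sig:<40} {n}")
    lines.append("Spade (anomaly) alerts:")
    for rec in summary["spade"]:
        lines.append(f"  {rec['ts']} {rec['src']} -> {rec['dst']}:{rec['dport']} {rec['msg']}")
    if summary["skipped"]:
        lines.append(f"Unparsed lines: {summary['skipped']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(summarize(SAMPLE_ALERTS)))
```

Feeding the script a real alert file instead of `SAMPLE_ALERTS` shows the limit Jim mentions: grouping by source and signature is counting, not correlation across sensors, so a probe that hits two sensors still appears as two independent groups unless you also key on the reporting sensor.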

