Snort mailing list archives

Re: What do you with scan alerts


From: "Charles Darwin" <darwin () netmadeira com>
Date: Fri, 21 Feb 2003 06:07:19 -0000

There are mainly two: SecurityFocus and Dshield.

I'm currently sending mine to DeepSight Analyzer (
http://analyzer.securityfocus.com/ ). In fact it's their "Extractor" that
does that on a scheduled basis.
They have a very useful notify tool, among other stuff, that you can use to
notify ISPs about the incidents at your site, and they support Snort log
format.

I would like to send the logs also to Dshield, but I still don't know how to
format them easily in order to send them there.
If nothing more appears maybe I'll make some VB application to do this
format automatically, using the Dshield specifications, but I'm short on
time currently. :-\
Here is the perl script to do this:
http://www1.dshield.org/clients/dshield_snort.pl
Dshield web site: http://www.dshield.org and Dshield specifications for the
format: http://www.dshield.org/specs.html
DShield now also has the option to fight back against attackers from your logs.

Hope this helps.

Best regards,

Paulo Santos Perneta <pperneta () netmadeira com>



