Snort mailing list archives
Re: Integrate Snort with Remedy, Anyone Please???
From: Jeff Nathan <jeff () snort org>
Date: Thu, 12 Feb 2004 15:48:45 -0500
The New York State University at Buffalo has been developing ARS Perl for Remedy Action Request system for years. The website for arsperl is http://arsinfo.cit.buffalo.edu/perl/index.html
As I suspect you're already aware, Snort can generate a significant number of alerts depending on how you've configured it. I'd use the thresholding features within Snort carefully to ensure you don't create hundreds of tickets in Remedy.
With this in mind, you could parse XML formatted Snort alerts and create Remedy tickets using ARS Perl.
It's been many years since I've used ARS Perl, so I can't comment on how well it works.
Good luck.

-Jeff

On Feb 12, 2004, at 11:23 AM, Snortty wrote:
All,

My snort IDS on Solaris 8 has been running more stable, and in better control now. I'm thinking of integrating Snort alerts with Trouble Ticket Systems - specifically Remedy, in order to be monitored together with other types of tickets, and be tracked the progress of resolving issues detected by Snort. Has anyone done the similar things, or know better to offer any suggestions/comments/places to look further PLEASE? I will share my results if I can make progress on this one.

Thank you in advance!

Snortlover.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
The most technical single-track security conference in the West.
Vancouver B.C., Canada April, 2004
http://cansecwest.com
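The flood-control concern raised in the reply above can also be handled on the ticketing side. The following is an added example, not code from the post or from the Snort or ARS Perl projects: it parses Snort's one-line "fast" alert format (rather than XML) and collapses repeats into one ticket record per signature and source address. The 10-minute window, the ticket field names, the `year` parameter and the sample lines are assumptions; submitting the records to Remedy is not shown.

```python
import re
from datetime import datetime, timedelta

# Snort "fast" alert line: timestamp [**] [gid:sid:rev] msg [**] ... {proto} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?")

def parse_alert(line, year=2004):
    """Return the alert fields as a dict, or None for a non-alert line."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    alert = m.groupdict()
    # Fast alerts carry no year by default, so the caller supplies one (assumption).
    alert["ts"] = datetime.strptime(f"{year}/{alert['ts']}", "%Y/%m/%d-%H:%M:%S")
    return alert

def alerts_to_tickets(lines, window=timedelta(minutes=10)):
    """Collapse alerts into one ticket per (sid, source IP) per time window."""
    current = {}   # (sid, src) -> most recent ticket for that pair
    tickets = []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        key = (alert["sid"], alert["src"])
        ticket = current.get(key)
        if ticket and alert["ts"] - ticket["first_seen"] < window:
            ticket["count"] += 1          # repeat inside the window: no new ticket
            ticket["last_seen"] = alert["ts"]
            continue
        ticket = {"sid": alert["sid"], "summary": alert["msg"], "src": alert["src"],
                  "dst": alert["dst"], "first_seen": alert["ts"],
                  "last_seen": alert["ts"], "count": 1}
        current[key] = ticket
        tickets.append(ticket)
    return tickets

# Constructed sample input (not real alerts); SIDs and addresses are made up.
SAMPLE = [
    "02/12-11:00:01.100000  [**] [1:1000001:1] constructed rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:3421 -> 192.168.1.10:80",
    "02/12-11:00:02.200000  [**] [1:1000001:1] constructed rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:3422 -> 192.168.1.10:80",
    "02/12-11:03:00.000000  [**] [1:1000002:1] constructed rule B [**] [Priority: 2] {ICMP} 10.0.0.7 -> 192.168.1.10",
    "02/12-11:15:00.000000  [**] [1:1000001:1] constructed rule A [**] [Priority: 3] {TCP} 10.0.0.5:3500 -> 192.168.1.10:80",
    "not an alert line",
]

if __name__ == "__main__":
    for t in alerts_to_tickets(SAMPLE):
        print(t["first_seen"], t["sid"], t["src"], "x%d" % t["count"], t["summary"])
```

Each returned record maps to one ticket, with `count` and `last_seen` available for updating an existing ticket instead of opening another.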