Snort mailing list archives
Re: Acid and HSC
From: Michael Boman <michael.boman () gmail com>
Date: Mon, 8 Nov 2004 16:38:49 +0800
On Mon, 08 Nov 2004 16:07:24 +0800, sam wun <sam.wun () authtec net> wrote:
Hi,
I found that the current version of Acid is nearly useless for a security analyst. Acid can't even provide functions that allow a security analyst to inspect tcp/ip payload. Does HSC offer this type of analysis?
Thanks
Sam

ACID can analyze packet payload, if you configured the database logging correctly. However, if you want to practice true NSM (Network Security Monitoring) I suggest you take a look at Sguil (www.sguil.net), which offers a range of features that are of interest when you are investigating a possible intrusion or compromise.

Best regards
Michael Boman