Snort mailing list archives
Re: Snort Analisys platform
From: Sam Evans <wintrmte () gmail com>
Date: Sun, 28 Nov 2004 14:37:08 -0700
Wow, what you have so far looks fantastic!!!

On Sun, 28 Nov 2004 18:44:18 +0100 (CET), Andreas Östling <andreaso () it su se> wrote:
> Not yet, but I'm playing with a tool called Pigris that I hope I'll have time to finish and release some time (I don't know when though). It has the look and feel of a web-based alert browser but is a client written in Perl/Tk that talks to the db. It works well with many sensors and events and has some other useful features too. There are some early screenshots and more info at http://people.su.se/~andreaso/pigris/screenshots/ if you're interested.
>
> You may also want to check out Sguil at http://sguil.sf.net/. It scales well but kind of assumes that every event (or correlated group of events) has to be dealt with by an analyst. This can be a huge strength in some environments but I'm not sure it would work well if you have 2 million events a day (are your sigs really optimally tuned?)
>
> /Andreas
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://productguide.itmanagersjournal.com/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Analisys platform mamo (Nov 27)
- Re: Snort Analisys platform Kevin Johnson (Nov 27)
- Re: Snort Analisys platform Andreas Östling (Nov 28)
- Re: Snort Analisys platform Sam Evans (Nov 28)
- <Possible follow-ups>
- RE: Snort Analisys platform Harper, Patrick (Nov 28)
- Snort Analisys platform max (Nov 29)
- Re: Snort Analisys platform Michael Boman (Nov 30)