Snort mailing list archives
Correlation on Snort Events
From: "Kamal Ahmed" <Kamal.Ahmed () esecurity net>
Date: Tue, 6 Sep 2005 00:22:16 -0400
Hi,

What Snort can do (as per my understanding) is generate events based on rules, or sniff/snoop network traffic. This is all well and good, but I do not see a person going through every log message to find out meaningful information regarding what the packet actually meant to do (in case of any intrusion-type attack).

Is there a correlation engine which can have rules like: if message A is received which contains X text, and within N amount of time another message B is received on the wire containing Y text, generate a log message and also send an e-mail to (let's say) the Security Administrator?

Thanks,
-Kamal.
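The rule described above (message A containing X, then message B containing Y within N seconds, then log and notify), as an added example that is not part of the original thread: a small Python correlator fed Snort alert_fast lines. The sample alert lines and the 192.0.2.x / 198.51.100.x addresses are constructed, and the `notify` callback is a hypothetical hook where the e-mail or syslog call would go.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# One Snort alert_fast line: "MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] ... {proto} src:port -> dst:port"
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[[\d:]+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$")

def parse_alert(line, year=2005):  # alert_fast omits the year, so the caller supplies it
    m = FAST_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return {"ts": ts, "msg": m["msg"], "src": m["src"], "dst": m["dst"]}

class Correlator:
    """Pair an alert matching pattern_a with a later alert matching pattern_b from the same source IP within `window` seconds."""
    def __init__(self, pattern_a, pattern_b, window, notify=None):
        self.a, self.b = re.compile(pattern_a, re.I), re.compile(pattern_b, re.I)
        self.window = timedelta(seconds=window)
        self.notify = notify or (lambda text: None)  # hypothetical e-mail/syslog hook
        self.pending = {}  # src IP -> deque of timestamps of not-yet-matched A alerts

    def feed(self, line):
        ev = parse_alert(line)
        if ev is None:
            return None
        q = self.pending.setdefault(ev["src"], deque())
        while q and ev["ts"] - q[0] > self.window:  # forget A alerts older than the window
            q.popleft()
        hit = None
        if q and self.b.search(ev["msg"]):  # B while an A is still live: correlate them
            hit = {"src": ev["src"], "dst": ev["dst"], "start": q.popleft(), "end": ev["ts"]}
            self.notify(f"{hit['src']} -> {hit['dst']}: A then B within {self.window.seconds}s")
        if self.a.search(ev["msg"]):  # remember A so a later B can pair with it
            q.append(ev["ts"])
        return hit

# Constructed sample alerts (not real traffic): 192.0.2.10 probes then brute-forces 19 s later; 192.0.2.11 does the same 5 min apart, so it must not correlate.
SAMPLE = [
    "09/06-00:10:01.123456  [**] [1:1000001:1] SAMPLE portscan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:4444 -> 198.51.100.5:22",
    "09/06-00:10:20.000000  [**] [1:1000002:1] SAMPLE SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:4445 -> 198.51.100.5:22",
    "09/06-00:15:00.000000  [**] [1:1000001:1] SAMPLE portscan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.11:5555 -> 198.51.100.5:22",
    "09/06-00:20:00.000000  [**] [1:1000002:1] SAMPLE SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.11:5556 -> 198.51.100.5:22",
]

def run_sample(window=60):
    c = Correlator(r"portscan", r"brute force", window)
    return [hit for hit in map(c.feed, SAMPLE) if hit]
```

With the default 60 s window only the first source correlates; widening the window to 600 s also pairs the second source, which is the N the rule has to be tuned against.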