Snort mailing list archives
Re: Combine NIDS with HIDS
From: omar hussein <omar811128 () gmail com>
Date: Sun, 31 May 2009 13:29:42 +0100
Thanks for the reply. I know that Snort is one of the best NIDS open source software packages that can be used. Any suggestion for HIDS open source software that can be used, and that would be compatible with Snort?

Kindest Regards
Omar
London

On Sat, May 30, 2009 at 6:32 PM, Stephen Mullins <steve.mullins.work () gmail com> wrote:

> You can use Snort in conjunction with a HIDS. In terms of aggregating the data, I think you would use an SIEM (Security Information and Event Manager), like ArcSight, and have feeds from both Snort and your HIDS into it.
>
> I don't think using a NIDS to cross-check or verify HIDS alerts is practical. I think the way to check a HIDS alarm is to remote into the system and check the file system etc. You could use the HIDS to cross-check NIDS alerts though, and that would make sense to me.
>
> Steve Mullins
>
> On Sat, May 30, 2009 at 11:46 AM, omar hussein <omar811128 () gmail com> wrote:
>
>> Hello gentlemen,
>>
>> I was wondering about the possibility of combining SNORT, which is a NIDS, with HIDS software, and making both work on the same system. Is this going to be useful and provide more security? I'm sure that will depend on the mechanism that both pieces of software are going to use in order to cooperate with each other, like using the alarms resulting from one piece of software (like the HIDS) and checking them again with the NIDS, or vice versa.
>>
>> Kindest Regards
>> Omar
>> MSc Wireless Communications systems
>> London
>>
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users () lists sourceforge net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Combine NIDS with HIDS omar hussein (May 30)
- Re: Combine NIDS with HIDS Stephen Mullins (May 30)
- Re: Combine NIDS with HIDS omar hussein (May 31)
- Re: Combine NIDS with HIDS Nigel Houghton (May 31)
- Re: Combine NIDS with HIDS omar hussein (May 31)
- Re: Combine NIDS with HIDS Stephen Mullins (May 30)