Snort mailing list archives

Re: This has real potential


From: Edward Bjarte Fjellskål <edward.fjellskal () redpill-linpro com>
Date: Fri, 26 Feb 2010 23:19:09 +0100

Very interesting Alex :)

We aim to do the same with PRADS, only passively.
There is a perl script in early alpha that a sharp friend and
co-worker wrote some weeks back, that takes the sqlite3 db from
prads (prads.db) and turns it into host_attribute table format.
(http://github.com/gamelinux/prads/blob/master/perl/sbin/snortifyprads.pl)

I'll check out our own alpha and read up on Hogger and Joel Esler's
recent post in the week to come, and test things out.

Our aim is to have PRADS run alongside Snort, collecting valuable
information to feed to Snort (and Suricata in the future).

Read more about prads here:
http://prads.projects.linpro.no/

Code is hosted on github:
http://gamelinux.github.com/prads/

PRADS is still under development, and this is a bit of a premature
post for the masses, but hey! If you're not a geek, wait until
we post a release :)

PRADS - Passive Real-time Asset Detection System
 - Know your assets!


Alex Tatistcheff wrote:
There's a new Perl script on the block and it has HUGE potential to help
Snort admins tune their installations.  You're probably aware of the
host attribute table feature where you create an .XML file describing
the hosts on your network, then feed that into Snort.  The key phrase
here is "you create".  In the past this was a very labor intensive
process and could prove daunting if you have a large or fairly dynamic
network.  Just recently Parker Crook (one sharp individual) has written
a script to create this host attribute .XML file from output obtained
from the nmap scanner.  The script is new and could use some testing
from the community.  However, the concept is sound and the value of
automatically creating this file is significant.  It's mentioned in a
blog at

http://global-security.blogspot.com/2010/02/hogging-snort-host-attribute-table.html

The project, which is called Hogger (what a cool name) is available on
Google Code at http://code.google.com/p/hogger

Alex Tatistcheff
alext () pobox com <mailto:alext () pobox com>
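Added example (not part of the original thread, and not Hogger's or PRADS's
own code): a minimal Python script that does what Alex describes, i.e. reads
nmap -oX output and writes the SNORT_ATTRIBUTES XML that Snort's
attribute_table loads. It assumes nmap was run with -sV -O so the XML carries
service and OS fingerprints, and it assumes a small mapping from nmap's
osfamily to Snort frag3/stream5 policy names (the OS_POLICY table in the
code; neither Snort nor nmap defines such a mapping). All values are written
inline as ATTRIBUTE_VALUE rather than through an ATTRIBUTE_MAP, which is
assumed acceptable to Snort. The sample nmap XML is constructed for the
example, not a real scan.

```python
"""Snort 2.x host attribute table from nmap -oX output.  Added example, not
Hogger's or PRADS's own code; assumes nmap ran with -sV -O and assumes the
OS_POLICY mapping below (neither Snort nor nmap defines one)."""
import xml.etree.ElementTree as ET

# Assumed nmap osfamily -> Snort frag3/stream5 policy; unknown families get none.
OS_POLICY = {"Linux": "linux", "Windows": "windows", "Solaris": "solaris",
             "FreeBSD": "bsd", "OpenBSD": "bsd", "NetBSD": "bsd"}


def parse_nmap_xml(text):
    """Return [{ip, os, services}] for each host nmap reports as up."""
    # Your own scan output is trusted; for XML from elsewhere use defusedxml.
    hosts = []
    for host in ET.fromstring(text).iter("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue
        entry = {"ip": addr.get("addr"), "os": None, "services": []}
        best = max(host.iterfind("os/osmatch"), default=None,  # most accurate osmatch
                   key=lambda m: int(m.get("accuracy", "0")))
        if best is not None:
            cls = best.find("osclass")
            entry["os"] = {"name": best.get("name"), "accuracy": int(best.get("accuracy", "0")),
                           "family": cls.get("osfamily") if cls is not None else None}
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not services
            svc = port.find("service")
            get = svc.get if svc is not None else (lambda k, d=None: d)
            entry["services"].append({
                "port": int(port.get("portid")), "ipproto": port.get("protocol"),
                "name": get("name"), "product": get("product"), "version": get("version"),
                "confidence": int(get("conf", "10")) * 10})  # nmap 1..10 -> Snort 0..100
        hosts.append(entry)
    return hosts


def _valued(parent, tag, value, confidence):
    el = ET.SubElement(parent, tag)  # <TAG><ATTRIBUTE_VALUE/><CONFIDENCE/></TAG>
    ET.SubElement(el, "ATTRIBUTE_VALUE").text = str(value)
    ET.SubElement(el, "CONFIDENCE").text = str(confidence)
    return el


def build_attribute_table(hosts):
    """Serialise hosts as the SNORT_ATTRIBUTES XML that 'attribute_table' loads.
    Values go inline as ATTRIBUTE_VALUE, so no ATTRIBUTE_MAP is written.  Banners
    are chosen by the scanned host, so they are attacker-controlled; ElementTree
    escapes them, which keeps a '</IP><IP>..' banner as text, not markup."""
    root = ET.Element("SNORT_ATTRIBUTES")
    table = ET.SubElement(root, "ATTRIBUTE_TABLE")
    for h in hosts:
        host = ET.SubElement(table, "HOST")
        ET.SubElement(host, "IP").text = h["ip"]
        if h["os"]:
            os_el = ET.SubElement(host, "OPERATING_SYSTEM")
            _valued(os_el, "NAME", h["os"]["name"], h["os"]["accuracy"])
            policy = OS_POLICY.get(h["os"]["family"])
            if policy:
                ET.SubElement(os_el, "FRAG_POLICY").text = policy
                ET.SubElement(os_el, "STREAM_POLICY").text = policy
        if h["services"]:
            services = ET.SubElement(host, "SERVICES")
        for s in h["services"]:
            svc = ET.SubElement(services, "SERVICE")
            _valued(svc, "PORT", s["port"], 100)
            _valued(svc, "IPPROTO", s["ipproto"], 100)
            if s["name"]:
                _valued(svc, "PROTOCOL", s["name"], s["confidence"])
            if s["product"]:
                app = _valued(svc, "APPLICATION", s["product"], s["confidence"])
                if s["version"]:
                    _valued(app, "VERSION", s["version"], s["confidence"])
    return ET.tostring(root, encoding="unicode")


# Constructed nmap -oX output (not a real scan): a Linux host with SSH plus a
# closed port, a Windows host whose SMB banner attempts XML injection, one down.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.168.1.0/24">
<host><status state="up"/><address addr="192.168.1.10" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="22"><state state="open"/>
   <service name="ssh" product="OpenSSH" version="5.3p1" conf="10"/></port>
  <port protocol="tcp" portid="443"><state state="closed"/></port></ports>
 <os><osmatch name="Linux 2.6.18" accuracy="90"><osclass osfamily="Linux"/></osmatch>
     <osmatch name="Linux 2.6.32" accuracy="96"><osclass osfamily="Linux"/></osmatch></os>
</host>
<host><status state="up"/><address addr="192.168.1.20" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="445"><state state="open"/>
   <service name="microsoft-ds" product="smbd &lt;/IP&gt;&lt;IP&gt;10.0.0.1" conf="3"/></port></ports>
 <os><osmatch name="Microsoft Windows Server 2003 SP2" accuracy="92">
   <osclass osfamily="Windows"/></osmatch></os>
</host>
<host><status state="down"/><address addr="192.168.1.30" addrtype="ipv4"/></host>
</nmaprun>"""

if __name__ == "__main__":
    print(build_attribute_table(parse_nmap_xml(SAMPLE_NMAP_XML)))
```

Run it as-is to see the table for the constructed scan, or replace
SAMPLE_NMAP_XML with the contents of a real -oX file and point
attribute_table's "filename" at the output. Two points worth keeping when
adapting it: the host filter (status "up", open ports only) is what keeps a
scan of a /24 from turning into hundreds of empty HOST entries, and the
output is built with ElementTree rather than string templates because
service banners are supplied by the scanned machine, which may not be
friendly.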
