Snort mailing list archives
Re: Alternative to BASE
From: Stephen Mullins <steve.mullins.work () gmail com>
Date: Wed, 28 Apr 2010 15:12:47 -0400
Absolutely. And, as with most open source projects, it is prone to long periods of inactivity from the developers as they have full time jobs and personal lives to take care of. If one is looking for professional grade support then I think anyone on this list knows where to look to get that for Snort.

However, I would love to see a stand alone front end such as Sguil for some of the "professional grade" proprietary IDS suites out there. The ease of use and speed with which one can jump between alerts is phenomenal. I'm sure the web based front ends are a great boon for the engineers deploying/maintaining the system, and surely impress those making purchasing decisions, but analysts are more productive when they can get the information they need without going through 7 layers of menus, each with the latency between page loads associated with a web based interface.

Steve

On Wed, Apr 28, 2010 at 2:45 PM, Jeff Kell <jeff-kell () utc edu> wrote:
> On 4/28/2010 12:27 PM, Stephen Mullins wrote:
>> As an analyst I can tell you that Sguil is the best IDS analysis front end that I have ever seen. It blows anything web based out of the water.
>
> But it only scales up to a point (as many/most "IDS analysis" tools, each has their threshold of pain).
>
> Jeff
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Alternative to BASE Curt Shaffer (Apr 28)
- Re: Alternative to BASE Kevin Johnson (Apr 28)
- Re: Alternative to BASE Curt Shaffer (Apr 28)
- Re: Alternative to BASE Kevin Johnson (Apr 28)
- Re: Alternative to BASE Curt Shaffer (Apr 28)
- Re: Alternative to BASE Stephen Mullins (Apr 28)
- Re: Alternative to BASE Jeff Kell (Apr 28)
- Re: Alternative to BASE Bamm Visscher (Apr 28)
- Re: Alternative to BASE Stephen Mullins (Apr 28)
- Upgraded to 2.8.6 and external network addresses James R. Marcus (Apr 29)
- Re: Upgraded to 2.8.6 and external network addresses Burks, Doug (Apr 29)
- Re: Upgraded to 2.8.6 and external network addresses James R. Marcus (Apr 29)
- Re: Upgraded to 2.8.6 and external network addresses Nick Moore (Apr 29)
- Re: Alternative to BASE Jeff Kell (Apr 28)
- Re: Alternative to BASE Kevin Johnson (Apr 28)