Snort mailing list archives

Re: BASE or Snort Report ???


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Tue, 4 Jan 2011 14:39:58 -0700

What I'm doing is sending Snort alerts to syslog as well. And then syslog is being sent to my SIEM (RSA Envision).
The SIEM can send email based on various criteria. Also, OSSEC can be installed on your Snort machine and it
understands Snort alerts, and you can configure it to alert on whatever you wish.

Most of the time though, I just check BASE.

________________________________________
From: Garland, Ken R [mailto:garlandkr () gmail com] 
Sent: Tuesday, January 04, 2011 1:02 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] BASE or Snort Report ???

Use something else for notification purposes like sec.pl or other notification/monitoring tools. Snorby/BASE are not
really meant for that; they are, for lack of a better term, data mining tools. Sure, you can see a live view in Snorby,
but if you want to get that close to the metal, would you really put yourself in front of a GUI web app with potential
delay?
<snip>
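
The syslog-based notification discussed in this thread, as an added example that is not part of either poster's message or of any tool they name: a small filter that reads syslog lines, parses the Snort alerts among them, and selects the ones worth an e-mail. The line layout is assumed to be the one written by Snort's `alert_syslog` output; the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Layout of a Snort alert as it appears in syslog (assumed: alert_syslog output).
ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?)"
    r"(?: \[Classification: (?P<cls>[^\]]*)\])?"
    r" \[Priority: (?P<prio>\d+)\]:? \{(?P<proto>[^}]+)\} (?P<src>\S+) -> (?P<dst>\S+)"
)

def parse_alert(line):
    """Return the alert fields as a dict, or None for non-Snort syslog lines."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])
    alert["src_ip"] = alert["src"].rsplit(":", 1)[0]  # drop port (IPv4 assumed)
    return alert

def select_for_notification(lines, max_prio=1, repeat_threshold=3):
    """Pick alerts worth an e-mail: priority <= max_prio (1 is most severe),
    or the repeat_threshold-th alert for the same (sid, source IP) pair."""
    seen, notify = Counter(), []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        key = (alert["sid"], alert["src_ip"])
        seen[key] += 1
        if alert["prio"] <= max_prio:
            notify.append(("high-priority", alert))
        elif seen[key] == repeat_threshold:  # fire once, not on every repeat
            notify.append(("repeated", alert))
    return notify

# Constructed sample syslog lines (documentation addresses, local-range SIDs).
HDR = "Jan  4 14:01:0%d ids1 snort[2211]: "
SCAN = ("[1:1000002:2] Constructed scan rule [Classification: Attempted "
        "Information Leak] [Priority: 2] {ICMP} 198.51.100.9 -> 192.0.2.10")
SAMPLE = [
    HDR % 1 + "[1:1000001:1] Constructed exploit rule [Classification: Attempted "
    "Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.7:40112 -> 192.0.2.10:445",
    HDR % 2 + SCAN, HDR % 3 + SCAN, HDR % 4 + SCAN, HDR % 5 + SCAN,
    "Jan  4 14:01:06 ids1 sshd[990]: Accepted publickey for admin from 192.0.2.50 port 50122 ssh2",
    HDR % 7 + "[1:1000003:1] Constructed low-severity rule [Priority: 3]: {UDP} "
    "198.51.100.9:5353 -> 192.0.2.10:53",
]

if __name__ == "__main__":
    for reason, a in select_for_notification(SAMPLE):
        print(reason, a["sid"], a["msg"], a["src"], "->", a["dst"])
```

The repeat rule fires only when the counter reaches the threshold, so a noisy source produces one notification rather than one per alert.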
