Snort mailing list archives

Re: BASE or Snort Report ???


From: Martin Holste <mcholste () gmail com>
Date: Wed, 5 Jan 2011 08:57:24 -0600

I second the vote for Splunk for ease-of-use and
report-on-anything-instantly capability.  You will almost certainly
not go above 500 MB/day of just Snort alerts, so it works very well.
It's also great for being able to produce shiny things for management.
For an analyst, it is really helpful to be able to create and save
custom searches.  For instance, a single click to execute the "find
all trojan alerts" or maybe another for any sig containing "FakeAV."
If Snort eventually gets tagging for its signatures, you can see how
this will all get even better.
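An added example, not code from Martin's post or from Splunk or Snort, of what those two saved searches boil down to: parse Snort's fast-format alert lines, then apply named filters such as "all trojan alerts" (matching the signature message or the classification) and "any sig containing FakeAV". The sample alert lines, their SIDs (in the local 1000000+ range) and addresses are constructed for the example; the last function gives a rough daily volume so the 500 MB/day figure can be checked against a real alert file.

```python
"""Saved-search style filters over Snort fast-format alert lines (added example)."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

# One "alert_fast" line per alert; the Classification field is optional in Snort's output:
# 01/05-08:57:24.123456  [**] [gid:sid:rev] MSG [**] [Classification: X] [Priority: N] {PROTO} SRC -> DST
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)


@dataclass
class Alert:
    ts: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: str
    priority: int
    proto: str
    src: str
    dst: str


def parse_alerts(text: str) -> List[Alert]:
    """Parse every fast-format alert line in text; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        alerts.append(Alert(
            ts=m.group("ts"), gid=int(m.group("gid")), sid=int(m.group("sid")),
            rev=int(m.group("rev")), msg=m.group("msg"),
            classification=m.group("cls") or "", priority=int(m.group("prio")),
            proto=m.group("proto"), src=m.group("src"), dst=m.group("dst"),
        ))
    return alerts


# The "single click" searches from the post, as named predicates over parsed alerts.
SAVED_SEARCHES: Dict[str, Callable[[Alert], bool]] = {
    # match the rule message OR Snort's classification text, case-insensitively
    "trojan alerts": lambda a: "trojan" in a.msg.lower() or "trojan" in a.classification.lower(),
    "FakeAV sigs": lambda a: "fakeav" in a.msg.lower(),
    "priority 1": lambda a: a.priority == 1,
}


def run_saved_search(name: str, alerts: List[Alert]) -> List[Alert]:
    """Run one saved search by name and return the matching alerts."""
    return [a for a in alerts if SAVED_SEARCHES[name](a)]


def estimate_daily_mb(text: str, days: float) -> float:
    """Rough ingest rate in MB/day for an alert file covering `days` days."""
    return len(text.encode("utf-8")) / days / 1_000_000


# Constructed sample alert lines (SIDs, addresses and messages are made up for the example).
SAMPLE_ALERTS = """\
01/05-08:57:24.123456  [**] [1:1000001:2] TROJAN Known C2 beacon (constructed) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.5:49152 -> 192.0.2.10:80
01/05-08:58:01.000123  [**] [1:1000002:1] MALWARE FakeAV landing page (constructed) [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.6:50001 -> 192.0.2.11:80
01/05-09:01:02.000001  [**] [1:1000003:1] ICMP PING NMAP (constructed) [**] [Priority: 2] {ICMP} 10.0.0.7 -> 192.0.2.1
01/05-09:05:10.555555  [**] [1:1000004:3] MALWARE Generic downloader (constructed) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.8:49200 -> 192.0.2.12:443
"""

if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    for name in SAVED_SEARCHES:
        hits = run_saved_search(name, alerts)
        print(f"{name}: {[a.sid for a in hits]}")
    print(f"~{estimate_daily_mb(SAMPLE_ALERTS, 1):.6f} MB/day for the sample")
```

Matching on the classification as well as the message is what makes the "trojan" search catch rules whose text never says trojan (the fourth sample line); a search on the message alone would miss it.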
