Snort mailing list archives

Re: Snorby opinions


From: Dustin Webber <dustin.webber () gmail com>
Date: Mon, 6 Jun 2011 13:38:06 -0400

All,

I would like to clarify that I was talking about the languages -- not
applications written in them. If you're a good programmer you could build
amazing applications with anything. Just consider all languages before you
start a new project. If that language works best for the job... then use it.
(except php.. never use that.)

Honestly.. we should all be writing in TCL anyways...

Dustin W. Webber
Dustin.Webber () gmail com

On Mon, Jun 6, 2011 at 12:30 PM, Dustin Webber <dustin.webber () gmail com> wrote:

Snorby is not about being `flashy` - It's about proper interface design and
workflow. The ability to produce metrics and quickly navigate
(hotkeys), classify and investigate are a few of Snorby's strengths.

Snorby will be moving to a custom collection/processing system soon using
my unified2 lib (https://github.com/mephux/unified2) and the
snorby-collect cl tool (https://github.com/Snorby/snorby-collect). This
will open a few doors for Snorby users, like event
preprocessing/categorization before insert/storage using a simple and clean
DSL (Like a unified2 ORM - supporting all modern datastores: key/value,
mongodb etc..). You will have the ability to design the datastore to fit
your needs and snorby will just sit on top with a translation layer.

The security community seems to have a personal vendetta with design and
new technology. I'm not sure I will ever fully understand why but in my eyes
if we don't start moving forward and accepting UX theory
and incorporating new technologies (yes, let's stop using Perl and PHP
please) we will never evolve. </rant>

Sometimes pretty does not mean gimmick, we just cared about it.

Dustin W. Webber
Dustin.Webber () gmail com


On Mon, Jun 6, 2011 at 12:06 PM, Jefferson, Shawn <
Shawn.Jefferson () bcferries com> wrote:

I'm one of those BASE people still... It's difficult to move off of it
now, since I've modified it to link with my patch management and AV/HIPS
products (as well as StreamDB and OpenFPC).

What does Snorby give you that BASE doesn't (besides a much flashier GUI?)

-----Original Message-----
From: Martin Holste [mailto:mcholste () gmail com]
Sent: Sunday, June 05, 2011 9:58 AM
To: Lay, James
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snorby opinions

Snorby is great--anyone still messing around with BASE is missing out!

Also, if you want a ridiculously fast packet capture tool to integrate
with Snorby, you can use StreamDB (streamdb.googlecode.com) as a
drop-in replacement for OpenFPC (Snorby hooks into OpenFPC under
"Packet Capture Options").  Your packets (streams in this case) will
load instantaneously (versus a minute or more with OpenFPC on large
pcaps).

On Fri, Jun 3, 2011 at 10:02 AM, Lay, James <james.lay () wincofoods com>
wrote:
Hey all!



Topic says it..anyone run Snorby here?  Would love to get some
opinions. I'm needing something more.."pretty" (though personally I think
tailing .fast logs in a console is pretty).  Thanks for any input.



James


------------------------------------------------------------------------------
Simplify data backup and recovery for your virtual environment with
vRanger.
Installation's a snap, and flexible recovery options mean your data is
safe,
secure and there when you need it. Discover what all the cheering's
about.
Get your free trial download today.
http://p.sf.net/sfu/quest-dev2dev2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



