Snort mailing list archives
Re: New IDS best practise
From: Martin Holste <mcholste () gmail com>
Date: Thu, 17 Nov 2011 15:11:51 -0600
All good advice. One other thing to consider: once you get your IDS up and running, you're going to need pcap data so you can see what your alerts were. At the very least, you're going to need URL logs.

For pcap, you can go the simple route with daemonlogger, more complicated with sancp, or for a more web-oriented approach, you can go with my StreamDB.googlecode.com project which integrates with Snorby. There's also OpenFPC with Snorby integration, but I wrote StreamDB because it is faster and I rarely need non-web data.
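The alert-to-pcap lookup the post is describing, as an added example that is not code from the post or from any of the projects it names: it parses a Snort "fast" alert line, builds a BPF filter for the flow, and picks the daemonlogger ring-buffer file that was open when the alert fired. The fast-format regex, the daemonlogger naming scheme (`<prefix>.<start-epoch>`), the UTC sensor clock and the sample alert are all assumptions made for this example.

```python
import calendar
import re
from datetime import datetime

# Snort "fast" alert line (no year field unless snort runs with -y). The regex is a
# deliberately loose reconstruction of that format, an assumption for this example.
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<sid>[^\]]+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

def parse_fast_alert(line, year):
    """Return the fields needed to locate the alert's packets in a capture."""
    m = FAST_RE.match(line)
    if not m:
        raise ValueError("not a fast-format alert line: %r" % line)
    # Fast alerts carry no year, so the caller supplies it; sensor clock assumed UTC.
    ts = datetime.strptime("%d/%s" % (year, m.group("ts")), "%Y/%m/%d-%H:%M:%S.%f")
    fields = m.groupdict()
    fields["epoch"] = calendar.timegm(ts.timetuple())
    return fields

def bpf_for_alert(alert):
    """Direction-agnostic BPF filter that returns both halves of the flow."""
    parts = ["host %s" % alert["src"], "host %s" % alert["dst"], alert["proto"].lower()]
    for port in (alert["sport"], alert["dport"]):
        if port:  # ICMP alerts carry no ports
            parts.append("port %s" % port)
    return " and ".join(parts)

def ring_file_for_alert(alert, ring_files):
    """Pick the ring-buffer file that was being written when the alert fired.

    Assumes daemonlogger-style names <prefix>.<start-epoch>, where the suffix is the
    unix time the file was opened: the right file is the newest one opened before the
    alert (a flow that straddles a rotation also needs the following file).
    """
    starts = sorted((int(f.rsplit(".", 1)[1]), f) for f in ring_files)
    candidates = [f for start, f in starts if start <= alert["epoch"]]
    return candidates[-1] if candidates else None

# Constructed sample alert and ring-buffer listing (not real sensor data).
SAMPLE_ALERT = ("11/17-15:11:51.000000  [**] [1:1000001:1] CONSTRUCTED test alert [**] "
                "[Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:49152 -> 93.184.216.34:80")
SAMPLE_RING = ["daemonlogger.pcap.1321535000", "daemonlogger.pcap.1321540000", "daemonlogger.pcap.1321545000"]

if __name__ == "__main__":
    a = parse_fast_alert(SAMPLE_ALERT, 2011)
    print("tcpdump -nn -r %s '%s'" % (ring_file_for_alert(a, SAMPLE_RING), bpf_for_alert(a)))
```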