Re: BASE and Snorby running together

[Dustin Webber <dustin.webber () gmail com>]

Shawn,

Can you elaborate on what you mean by "Unique IP Links" and "Unique
Alerts"?

Do you mean unique signatures/rules or does BASE do event correlation now
based on event attributes? If not.. then this would be the signature
listing in snorby.. but either way it's pretty pointless.

Unique IP Links. not sure what this means.. but if you mean unique IP's
snorby generates metrics for unique src/dst every 30 mins.. every day.
Click the pie chart to drill into the events for that address.

Either way, can you explain to me why this information is so critical
someone would use Snorby in conjunction with BASE.

- Dustin

Dustin W. Webber
Dustin.Webber () gmail com
(913) 375-2798


On Wed, Feb 22, 2012 at 3:55 PM, Jefferson, Shawn <
Shawn.Jefferson () bcferries com> wrote:

>  On the demo, I noticed that Snorby didn’t seem to have the same
> functionality as the “Unique IP Links”, and “Unique Alerts” that BASE has?
> Maybe I just missed how to view alerts in that way?
>
>
>
>
>  ------------------------------
>
> *From:* Dustin Webber [mailto:dustin.webber () gmail com]
> *Sent:* February 22, 2012 12:41 PM
> *To:* Jan Seidl
> *Cc:* security-onion () googlegroups com; snort-users () lists sourceforge net
> *Subject:* Re: [Snort-users] BASE and Snorby running together
>
>
>
> Just curious.. What are the features that snorby does not have? Last time
> I checked snorby shadowed BASE in every area and then some.
>
> - Dustin
>
>
> On Feb 22, 2012, at 3:06 PM, Jan Seidl <lists () heavyworks net> wrote:
>
>  Shane, have you tried sguil with squert?
>
> On Feb 22, 2012 3:04 PM, "Castle, Shane" <scastle () bouldercounty org>
> wrote:
>
>
> ------------------------------------------------------------------------------
> Virtualization & Cloud Management Using Capacity Planning
> Cloud computing makes use of virtualization - but cloud computing
> also focuses on allowing computing to be delivered as a service.
> http://www.accelacomm.com/jaw/sfnl/114/51521223/
>
>  _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing 
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!