Snort mailing list archives

Re: Snort sensor general?


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Tue, 17 Apr 2012 14:56:56 -0600

OSSEC += 1

Exactly what it was designed to do.

-----Original Message-----
From: Castle, Shane [mailto:scastle () bouldercounty org] 
Sent: Tuesday, April 17, 2012 11:41 AM
To: Jeremy Hoel; Corbin Fletcher
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort sensor general?

This is right up OSSEC's alley.

-- 
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH


-----Original Message-----
From: Jeremy Hoel [mailto:jthoel () gmail com] 
Sent: Tuesday, April 17, 2012 12:23
To: Corbin Fletcher
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort sensor general?

Wouldn't that be more of a HIDS function.. on the host vs looking to
see if it got created or not on the network?

Maybe try AIDE?

On Tue, Apr 17, 2012 at 5:48 PM, Corbin Fletcher <corbin () freeway com> wrote:
Hello All,

I have been performing some initial research into the capability of a Snort
sensor. My working knowledge of Snort is quite limited.

Considering that we want to implement Snort as an NIDS, my question is, can
Snort monitor for file creation in directory /var/www/html/admin/ on a
remote host?

For example, we have Snort running at the edge of our network and we have
physical servers host-00 and host-01. We need Snort to send an email alert
if a file is created or modified (unwanted manipulation) in
/var/www/html/admin/ on host-00 and host-01.

Is it possible to configure Snort to check file system integrity and how is
this achieved?

Thanks in advance... any guidance is much appreciated.

--
Corbin Fletcher
Freeway Communications LLC
800 S. Hope St., Suite 101
Los Angeles, CA 90017
Ph: 213.225.2200 x115

------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!
