Snort mailing list archives

Re: There appears to be a bug in Base-1.4.5


From: Dustin Webber <dustin.webber () gmail com>
Date: Tue, 9 Oct 2012 18:53:53 -0400

Shawn,

What is your "workflow"? I am curious to hear how Snorby can't adapt to it. Also, Snorby supports StreamDB and OpenFPC 
and with the lookup source API in Snorby adding CVE queries would be dead simple. Integration with your HIPS is another 
story since you didn't name the product you use but I bet that likely is already there as well.

If I understood you correctly you are willing to jump start a dead project (mad vulns exist in the code base still 
un-patched) than commit to a new actively developed project? I'm not sure I understand the logic in this, can you 
explain more?

- Dustin

On Oct 9, 2012, at 6:43 PM, "Jefferson, Shawn" <Shawn.Jefferson () bcferries com> wrote:

Who is officially the "maintainer" of BASE now?  Is BASE 2.x still being worked on?

Personally I like BASE 1.4.5, and have added a few features to my version of it that improve the analyst experience 
(IMO, and in my network).  I've seen the messages about it being dead, and I've been thinking someone should take it 
over... (maybe even me, although I'm not a developer by trade, I can hack around in PHP... someone else would be 
better, but no one seems to be stepping up to the plate?)  Some support is better than no support I guess?

Snorby is probably a better option, but at the moment, the "workflow" in Snorby doesn't match my needs (and the fact 
I've made modifications to add CVE lookup to patch management, StreamDB and OpenFPC lookup, and also correlation with 
my HIPS product.) 


-----Original Message-----
From: Castle, Shane [mailto:scastle () bouldercounty org] 
Sent: Tuesday, October 09, 2012 1:23 PM
To: snort-users
Subject: Re: [Snort-users] There appears to be a bug in Base-1.4.5

Actually, there are lots of bugs in BASE-1.4.5. And, the answer seems to be: nobody. You can go to the web site 
(http://base.secureideas.net/) and add your bug report to those already there (Under Support/Bug reporting) but it's 
not really going to be seen by anyone useful, and nothing will come of it.

Yes, we might as well face it: BASE is dead. It was pretty good while it lasted, and I used it right up until I took 
the Security Onion pledge. Now my primary tool is the Sguil client and I rarely use Snorby (sorry, Dustin - I just 
don't like it).

(Removed snort-team from CC list - they have zero interest in BASE and this is just noise to them.)

-- 
Shane Castle
Data Security Mgr, Boulder County IT


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

