Snort mailing list archives

Re: Fwd: [barnyard2-users] Can get barnyard2 to read from Snort log but won't write to alert file


From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 22 Jul 2013 17:54:48 -0400

On 7/22/2013 17:28, mulhern wrote:
>> plus, i do not run barnyard ;) O:)
>
> Oh, how do you use Snort then? I was getting the impression that the accepted
> way was to plunk Snort output to unified for speed and then have barnyard decode
> what it's got.

What do you mean? Snort runs on its own... nothing else is needed... all the 
other tools are for correlating the alerts with the traffic and other activities 
on the network so that blocks can be initiated or dropped, infestations can be 
detected and possibly blocked while letting the infested machine's owner know 
about the infestation, and other similar tasks...

In my case, I use an auto-response tool that reacts to Snort's alerts... that 
tool initiates and manages automatic blocking of IPs causing alerts to be raised 
by Snort... my users are taught that if they cannot get to some site or there is 
a problem downloading files, they are to ask the security team to check and see 
if the site was blocked... at that point, it is up to the security team and 
management to decide if the block is proper or should be dismissed... depending 
on the situation, the user may even receive a reprimand for trying to go to a 
site that is not allowed by network policy...

Aside from all of that, we use the raw pcaps and the information from the Snort 
alert... we don't really need anything else at this time... no fancy graphs, no 
fancy charts and no reports... management doesn't have time for all that 
muckity-muck and we're not going to give it to them anyway O:)

-BOfH-

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
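The auto-response loop waldo describes (read Snort's alerts, block the offending IP, let the security team lift the block later) can be shown in a few dozen lines. The script below is an added example for this thread, not waldo's tool and not part of Snort or barnyard2. It assumes Snort's alert_fast output format (IPv4 only), a hypothetical site policy that never auto-blocks the allowlisted internal networks, and iptables as the blocking mechanism; the iptables commands are returned as strings (dry run) rather than executed, so it runs offline. The alert lines at the bottom are constructed for the example.

```python
"""Minimal auto-responder for Snort alert_fast lines (added example, not waldo's tool)."""
import ipaddress
import re
import shlex
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# One alert_fast line looks like (IPv4 only; ports are absent for ICMP):
# 07/22-17:28:01.123456  [**] [1:2000001:1] msg [**] [Classification: x] [Priority: 2] {TCP} 198.51.100.7:44321 -> 192.168.1.20:22
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?$"
)

# Hypothetical site policy: internal ranges and the resolver are never auto-blocked.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16", "203.0.113.53/32")]


@dataclass
class Alert:
    ts: str
    gid: int
    sid: int
    rev: int
    msg: str
    priority: int
    proto: str
    src: str
    dst: str


def parse_fast_alert(line: str) -> Optional[Alert]:
    """Parse one alert_fast line; return None for lines that are not alerts."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    return Alert(m["ts"], int(m["gid"]), int(m["sid"]), int(m["rev"]), m["msg"],
                 int(m["prio"]), m["proto"], m["src"], m["dst"])


def is_allowlisted(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWLIST)


def _rule(action: str, ip: str, sid: int) -> str:
    # The comment carries the SID so the security team can trace a block back to the rule.
    return "iptables %s INPUT -s %s -m comment --comment %s -j DROP" % (
        action, ip, shlex.quote("snort-sid-%d" % sid))


@dataclass
class Responder:
    max_priority: int = 2          # Snort priority 1 is most severe; 3 and above are ignored here
    ttl_seconds: int = 3600        # blocks expire unless the team makes them permanent
    blocked: Dict[str, Tuple[int, int]] = field(default_factory=dict)  # ip -> (expiry, sid)

    def handle(self, line: str, now: int) -> Optional[str]:
        """Return the iptables command to apply for this alert, or None if no action."""
        alert = parse_fast_alert(line)
        if alert is None or alert.priority > self.max_priority or is_allowlisted(alert.src):
            return None
        already = alert.src in self.blocked
        self.blocked[alert.src] = (now + self.ttl_seconds, alert.sid)  # insert or refresh expiry
        return None if already else _rule("-I", alert.src, alert.sid)

    def expire(self, now: int) -> List[str]:
        """Drop expired blocks and return the matching iptables delete commands."""
        cmds = []
        for ip, (expiry, sid) in list(self.blocked.items()):
            if expiry <= now:
                del self.blocked[ip]
                cmds.append(_rule("-D", ip, sid))
        return cmds


# Constructed sample alerts (not real Snort output): one external scan, one internal
# policy hit, one low-priority ping, and a repeat of the scan from the same source.
SAMPLE_ALERTS = [
    "07/22-17:28:01.123456  [**] [1:2000001:1] CONSTRUCTED scan from outside [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:44321 -> 192.168.1.20:22",
    "07/22-17:28:02.000001  [**] [1:2000002:1] CONSTRUCTED policy hit from inside [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.1.33:50123 -> 203.0.113.80:443",
    "07/22-17:28:03.000002  [**] [1:2000003:1] CONSTRUCTED low-priority ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.9 -> 192.168.1.1",
    "07/22-17:28:04.000003  [**] [1:2000001:1] CONSTRUCTED scan from outside [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:44322 -> 192.168.1.20:23",
]


def run_samples(now: int = 0):
    """Feed the constructed alerts through a Responder; return it and the commands produced."""
    r = Responder()
    cmds = [c for c in (r.handle(line, now) for line in SAMPLE_ALERTS) if c]
    return r, cmds


if __name__ == "__main__":
    responder, commands = run_samples()
    print("\n".join(commands))
    print("\n".join(responder.expire(now=3600)))
```

Only the external scanner gets a block; the internal host hits the allowlist, the ping falls below the priority threshold, and the repeat alert refreshes the existing block instead of inserting a duplicate rule. Running `expire()` after the TTL yields the matching `-D` commands, which is the hook where a team decision to keep or lift a block would go.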

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
