Snort mailing list archives
Re: Defense center
From: "Richard Harman Jr (rharmanj)" <rharmanj () cisco com>
Date: Tue, 25 Feb 2014 16:37:32 +0000
The Snort agent exists & still works for pulling events into a 4.10.x Sourcefire DC, but it was discontinued for the 5.x series.

Richard Harman
rharmanj () cisco com / rharmanj () sourcefire com
Threat Intelligence Team, Sourcefire VRT
Sourcefire, Inc (now a part of Cisco)

From: Jeremy Hoel <jthoel () gmail com>
Date: Tuesday, February 25, 2014 at 11:25 AM
To: SnortFan <SnortFan () yahoo com>
Cc: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Defense center

Sourcefire used to have an agent that you could run on Snort boxes to feed to DC. I don't know if they still do now. It was limited in scope, only taking Snort events but not a way to manage a single point for the rules. This was 2 years ago that we had talked to a sales guy. If they don't, they will probably recommend the virtual SF.

For what it's worth, we have 11 Sourcefire devices and 50+ Snort sensors and we do not do what you are asking about. At the time the cost for the agents plus the cost for the larger Defense Center (something that you need to remember will probably need to be increased too) made it very expensive. We instead use Snorby for Snort stuff and then feed both sets of alerts into Splunk for reporting and quick research.

I would reach out to a Sourcefire sales person for updated info.

On Feb 25, 2014 8:52 AM, "SnortFan" <SnortFan () yahoo com> wrote:

Hi All,

Does anyone know if it's possible to feed Snort alerts into Sourcefire's Defense Center? We're looking into adding in a Sourcefire product and thus having a mixed environment.

Thanks,
Ed

Sent from a mobile device.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!