Snort mailing list archives

Re: Analyzing Snort Alerts and EMailing


From: Sharif Uddin <Sharif.Uddin () spectrumasa com>
Date: Thu, 4 Sep 2014 09:25:02 +0000

I just recently installed snort, barnyard2 and snorby on CentOS 7; however, I'm using it as an IDS.

If you want instructions on how to install and set up I can email it.



From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: 03 September 2014 19:17
To: Matt M.
Cc: snort-users
Subject: Re: [Snort-users] Analyzing Snort Alerts and EMailing

Sagan is not needed.
barnyard should be first.. get events into a DB (mysql).
Then get snorby next (and all the parts that go with it - http, ruby, rails, wkhtmltopdf, etc).


On Wed, Sep 3, 2014 at 12:11 PM, Matt M. <mr10001 () gmail com> wrote:
I apologize for my ignorance here...  trying to get everything straight in my head.

I would like to try to setup Snorby to begin with, which requires a few prereqs (snort, git, ruby, sagan, etc.)  Not 
too worried about those.

However, I will also need to install a database and/or a web server, correct?  Does Barnyard play into this at all?

So to sum it all up, I would have to install the following to have Snorby up and running (minus the custom 
configurations):

1. Snort
2. Sagan
3. GIT
4. Ruby
5. Rails
6. ImageMagick
7. Wkhtmltopdf
8. Web Server (Apache?)
9. Database (PostgreSQL?)

Thanks again!


On Wed, Sep 3, 2014 at 12:57 PM, Weir, Jason <jason.weir () nhrs org> wrote:
From the article

“It hasn't been actively developed since about 2003”

It’s a little dated – but will do what you asked for..

-J

From: Matt M. [mailto:mr10001 () gmail com]
Sent: Wednesday, September 03, 2014 1:47 PM
To: Weir, Jason
Cc: snort-users
Subject: Re: [Snort-users] Analyzing Snort Alerts and EMailing

Nice, thanks man, I just found this article...

http://blog.snort.org/2011/01/guis-for-snort.html

This was from 2011, hopefully it's not out of date... =/

On Wed, Sep 3, 2014 at 12:45 PM, Weir, Jason <jason.weir () nhrs org> wrote:
Base (http://base.professionallyevil.com/) – Sure - it’s old, outdated and hasn’t been updated in quite a while but 
still works.

From: Matt M. [mailto:mr10001 () gmail com]
Sent: Wednesday, September 03, 2014 1:36 PM
To: snort-users
Subject: [Snort-users] Analyzing Snort Alerts and EMailing

Hello All,

I was wondering if anyone might be willing to recommend a good GUI tool for interacting with snort alerts and a process 
for having alerts automatically emailed?

At the moment I'm looking at ACID and I'm curious if this is my best bet.  I would prefer to use a database over a 
script.

I'm using OSX as well, so any tips would be greatly appreciated.

Thank you,
--
M., CISSP, GCFE, GCFA

“To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. 
So maybe I’ll end up loving your theory.” -John Wheeler




------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


IMPORTANT - This message and any attached files contain information intended for the exclusive use of the party or 
parties to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt 
from disclosure under applicable law. If you are not an intended recipient, you are hereby notified that any viewing, 
copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify 
the sender immediately and delete the original message without making any copies. Copyright in this email and any 
attachments belong to Spectrum Geo Limited.
We cannot guarantee the security or confidentiality of email communications. We do not accept any liability for losses 
or damages that you may suffer as a result of your receipt of this email.
Email communication with Spectrum Geo Ltd., may be monitored as permitted by UK legislation.
Spectrum Geo Limited, is a limited company registered in England and Wales. Registered number: 1979422. Registered 
office: 95 Aldwych, London WC2B 4JF.

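The thread settles the pipeline (snort writes unified2, barnyard2 loads it into MySQL, Snorby reads the database) but nobody posts anything for the second half of the original question, getting alerts e-mailed automatically. The block below is an added example written for this archive page; it is not code from anyone on the thread, from Snort, barnyard2 or Snorby. It assumes the sensor also writes Snort's plain-text `alert_fast` output (the `output alert_fast:` module) to a file, parses those lines, aggregates them per signature above a priority threshold, and builds a digest message; delivery via `smtplib` only happens when an SMTP host is supplied, so it runs offline. The sample alert lines, addresses and signature IDs are constructed for the example.

```python
"""Build an e-mail digest from Snort alert_fast log lines (added example, not project code)."""
import re
import smtplib
from collections import Counter
from email.message import EmailMessage

# Constructed sample input in Snort's alert_fast line format; SIDs, hosts and
# messages are made up for this example. The last line is deliberate noise.
SAMPLE_ALERTS = """\
09/03-12:57:01.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.10:51234
09/03-12:57:05.000001  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.11:51300
09/03-12:58:10.654321  [**] [1:1000001:1] LOCAL ICMP echo from outside [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.9 -> 192.168.1.1
09/03-12:59:00.000000  [**] [1:2003068:6] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:44321 -> 192.168.1.20:22
this line is not an alert and must be ignored
"""

# One alert_fast line: timestamp, [gid:sid:rev], message, optional classification,
# priority, protocol in braces, then "src -> dst" (ports only for TCP/UDP).
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Z0-9]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)


def parse_alerts(text):
    """Return one dict per well-formed alert line; anything else is skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue
        a = m.groupdict()
        a["prio"] = int(a["prio"])
        alerts.append(a)
    return alerts


def _host(endpoint, proto):
    """Strip the :port suffix that alert_fast adds for TCP/UDP endpoints."""
    return endpoint.rsplit(":", 1)[0] if proto in ("TCP", "UDP") else endpoint


def build_digest(alerts, max_priority=2):
    """Summarise alerts at or above max_priority (Snort: 1 is most severe).

    Returns (summary_lines, kept_count); lines are ordered by hit count.
    """
    keep = [a for a in alerts if a["prio"] <= max_priority]
    counts = Counter((a["gid"], a["sid"], a["msg"], a["prio"]) for a in keep)
    lines = []
    for (gid, sid, msg, prio), n in counts.most_common():
        srcs = sorted({_host(a["src"], a["proto"]) for a in keep if a["sid"] == sid})
        lines.append(f"{n:4d}x  [{gid}:{sid}] prio {prio}  {msg}  sources: {', '.join(srcs)}")
    return lines, len(keep)


def make_email(alerts, sender, recipient, max_priority=2):
    """Wrap the digest in an RFC 5322 message; sender/recipient are caller-supplied."""
    lines, total = build_digest(alerts, max_priority)
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = f"[snort] {total} alert(s) at priority <= {max_priority}"
    body = "\n".join(lines) if lines else "No alerts above threshold."
    msg.set_content("Snort alert digest\n\n" + body + "\n")
    return msg


def send_digest(msg, smtp_host=None):
    """Deliver over SMTP when a host is given; smtp_host=None is a dry run."""
    if smtp_host is not None:
        with smtplib.SMTP(smtp_host) as smtp:
            smtp.send_message(msg)
    return msg


if __name__ == "__main__":
    digest = make_email(parse_alerts(SAMPLE_ALERTS), "snort@sensor.example", "soc@example.com")
    print(send_digest(digest))  # dry run: prints the message instead of sending it
```

Run it from cron against the real alert file (and rotate or truncate the file between runs, or the same alerts will be mailed again). The priority threshold keeps informational hits such as the priority-3 ICMP line out of the mail; raise `max_priority` to see everything. Parsing `alert_fast` is the "script" route the original poster wanted to avoid; once barnyard2 is loading events into MySQL as the thread recommends, the same aggregation can be done with a query against that database instead.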