Re: Analyzing Snort Alerts and EMailing

[Da Beave <dabeave () gmail com>]

Sagan is only "needed" if he wants to analyze logs.   If he wants log
(Windows logs, Syslog, etc) threats and IDS (Snort,  Surivata) threats in
one "pane of glass" (Snorby), then he will need it.




On Wed, Sep 3, 2014 at 2:17 PM, Jeremy Hoel <jthoel () gmail com> wrote:

> Sagan is not needed
>
> barnyard shouol dbe first.. get events into a DB (mysql)
>
> Then get snorby next (and all the parts that go with it - http, ruby,
> rails, wkhtmltopdf, etc)
>
>
>
>
> On Wed, Sep 3, 2014 at 12:11 PM, Matt M. <mr10001 () gmail com> wrote:
>
> > I apologize for my ignorance here...  trying to get everything straight
> > in my head.
> >
> > I would like to try to setup Snorby to begin with, which requires a few
> > prereqs (snort, git, ruby, sagan, etc.)  Not too worried about those.
> >
> > However, I will also need to install a database and/or a web server,
> > correct?  Does Barnyard play into this at all?
> >
> > So to sum it all up, I would have to install the following to have Snorby
> > up and running (minus the custom configurations):
> >
> > 1. Snort
> > 2. Sagan
> > 3. GIT
> > 4. Ruby
> > 5. Rails
> > 6. ImageMagick
> > 7. Wkhtmltopdf
> > 8. Web Server (Apache?)
> > 9. Database (PostgreSQL?)
> >
> > Thanks again!
> >
> >
> >
> > On Wed, Sep 3, 2014 at 12:57 PM, Weir, Jason <jason.weir () nhrs org> wrote:
> >
> > >  From the article
> > >
> > >
> > >
> > > “It hasn't been actively developed since about 2003”
> > >
> > >
> > >
> > > It’s a little dated – but will do what you asked for..
> > >
> > >
> > >
> > > -J
> > >
> > >
> > >
> > > *From:* Matt M. [mailto:mr10001 () gmail com]
> > > *Sent:* Wednesday, September 03, 2014 1:47 PM
> > > *To:* Weir, Jason
> > > *Cc:* snort-users
> > > *Subject:* Re: [Snort-users] Analyzing Snort Alerts and EMailing
> > >
> > >
> > >
> > > Nice, thanks man, I just found this article...
> > >
> > >
> > >
> > > http://blog.snort.org/2011/01/guis-for-snort.html
> > >
> > >
> > >
> > > This was from 2011, hopefully it's not out of date... =/
> > >
> > >
> > >
> > > On Wed, Sep 3, 2014 at 12:45 PM, Weir, Jason <jason.weir () nhrs org>
> > > wrote:
> > >
> > > Base (http://base.professionallyevil.com/) – Sure - it’s old, outdated
> > > and hasn’t been updated in quite a while but still works.
> > >
> > >
> > >
> > > *From:* Matt M. [mailto:mr10001 () gmail com]
> > > *Sent:* Wednesday, September 03, 2014 1:36 PM
> > > *To:* snort-users
> > > *Subject:* [Snort-users] Analyzing Snort Alerts and EMailing
> > >
> > >
> > >
> > > Hello All,
> > >
> > >
> > >
> > > I was wondering if anyone might be willing to recommend a good GUI tool
> > > for interacting with snort alerts and a process for having alerts
> > > automatically emailed?
> > >
> > >
> > >
> > > At the moment I'm looking at ACID and I'm curious if this is my best
> > > bet.  I would prefer to use a database over a script.
> > >
> > >
> > >
> > > I'm using OSX as well, so any tips would be greatly appreciated.
> > >
> > >
> > >
> > > Thank you,
> > > --
> > >
> > > M., CISSP, GCFE, GCFA
> > >
> > > *“**To disagree leads to study, to study leads to understanding, to
> > > understand is to appreciate, to appreciate is to love. So maybe I’ll end up
> > > loving your theory.” -John Wheeler*
> > >
> > >
> > >
> > >
> > >
> > > --
> > >
> > > Matt M., CISSP, GCFE, GCFA
> > >
> > > *“**To disagree leads to study, to study leads to understanding, to
> > > understand is to appreciate, to appreciate is to love. So maybe I’ll end up
> > > loving your theory.” -John Wheeler*
> >
> >
> >
> > --
> > Matt M., CISSP, GCFE, GCFA
> >
> > *“*To disagree leads to study, to study leads to understanding, to
> > understand is to appreciate, to appreciate is to love. So maybe I’ll end up
> > loving your theory.*”* -*John Wheeler*
> >
> >
> > ------------------------------------------------------------------------------
> > Slashdot TV.
> > Video for Nerds.  Stuff that matters.
> > http://tv.slashdot.org/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
>
>
>
> ------------------------------------------------------------------------------
> Slashdot TV.
> Video for Nerds.  Stuff that matters.
> http://tv.slashdot.org/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!