Snort mailing list archives

Re: Analyzing Snort Alerts and EMailing


From: Da Beave <dabeave () gmail com>
Date: Fri, 5 Sep 2014 20:46:42 -0400

Sagan is only "needed" if he wants to analyze logs. If he wants log
(Windows logs, Syslog, etc) threats and IDS (Snort, Suricata) threats in
one "pane of glass" (Snorby), then he will need it.
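As an added example that is not part of any message in this thread: for the original question about having alerts emailed automatically, a small Python digest builder that parses Snort's alert_fast output, keeps only priority 1 and 2 events, and counts them per signature so one noisy rule cannot flood a mailbox. The sample lines and the sender/recipient addresses are constructed placeholders; handing the message to smtplib is left to the caller.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Snort alert_fast line layout: timestamp [**] [gid:sid:rev] msg [**]
# [Classification: ...] [Priority: n] {proto} src -> dst
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

# Constructed sample alerts (RFC 5737 addresses), not captured traffic.
SAMPLE_ALERTS = """\
09/03-12:45:01.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.5:51234
09/03-12:45:03.000001  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.6:40001
09/03-12:46:10.500000  [**] [1:1000001:1] LOCAL noisy informational rule [**] [Priority: 3] {UDP} 198.51.100.7:5353 -> 224.0.0.251:5353
09/03-12:47:00.000000  [**] [1:2009582:3] ET SCAN NMAP -sS window 1024 [**] [Classification: Attempted Information Leak] [Priority: 1] {TCP} 203.0.113.9:44321 -> 198.51.100.5:22
"""


def parse_fast_alerts(text):
    """Yield one dict per well-formed alert_fast line; malformed lines are skipped."""
    for line in text.splitlines():
        m = FAST_RE.match(line.strip())
        if m:
            alert = m.groupdict()
            alert["prio"] = int(alert["prio"])
            yield alert


def build_digest(text, max_priority=2,
                 sender="snort@example.invalid", to="soc@example.invalid"):
    """Return (EmailMessage, per-signature counts) for alerts at or above the cutoff.

    Snort priority 1 is the most severe, so anything numerically above
    max_priority is dropped. Counting per SID gives one digest line per rule
    rather than one mail per packet.
    """
    alerts = [a for a in parse_fast_alerts(text) if a["prio"] <= max_priority]
    counts = Counter((a["gid"], a["sid"], a["msg"], a["prio"]) for a in alerts)
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = to
    msg["Subject"] = f"Snort digest: {len(alerts)} alerts, {len(counts)} signatures"
    rows = [f"{n:4d}x [{g}:{s}] prio {p}  {m}" for (g, s, m, p), n in counts.most_common()]
    msg.set_content("\n".join(rows) or "No alerts above threshold.")
    return msg, dict(counts)
```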




On Wed, Sep 3, 2014 at 2:17 PM, Jeremy Hoel <jthoel () gmail com> wrote:

Sagan is not needed

barnyard should be first.. get events into a DB (mysql)

Then get snorby next (and all the parts that go with it - http, ruby,
rails, wkhtmltopdf, etc)




On Wed, Sep 3, 2014 at 12:11 PM, Matt M. <mr10001 () gmail com> wrote:

I apologize for my ignorance here...  trying to get everything straight
in my head.

I would like to try to set up Snorby to begin with, which requires a few
prereqs (snort, git, ruby, sagan, etc.)  Not too worried about those.

However, I will also need to install a database and/or a web server,
correct?  Does Barnyard play into this at all?

So to sum it all up, I would have to install the following to have Snorby
up and running (minus the custom configurations):

1. Snort
2. Sagan
3. GIT
4. Ruby
5. Rails
6. ImageMagick
7. Wkhtmltopdf
8. Web Server (Apache?)
9. Database (PostgreSQL?)

Thanks again!



On Wed, Sep 3, 2014 at 12:57 PM, Weir, Jason <jason.weir () nhrs org> wrote:

From the article



“It hasn't been actively developed since about 2003”



It’s a little dated – but will do what you asked for..



-J



*From:* Matt M. [mailto:mr10001 () gmail com]
*Sent:* Wednesday, September 03, 2014 1:47 PM
*To:* Weir, Jason
*Cc:* snort-users
*Subject:* Re: [Snort-users] Analyzing Snort Alerts and EMailing



Nice, thanks man, I just found this article...



http://blog.snort.org/2011/01/guis-for-snort.html



This was from 2011, hopefully it's not out of date... =/



On Wed, Sep 3, 2014 at 12:45 PM, Weir, Jason <jason.weir () nhrs org>
wrote:

Base (http://base.professionallyevil.com/) – Sure - it’s old, outdated
and hasn’t been updated in quite a while but still works.



*From:* Matt M. [mailto:mr10001 () gmail com]
*Sent:* Wednesday, September 03, 2014 1:36 PM
*To:* snort-users
*Subject:* [Snort-users] Analyzing Snort Alerts and EMailing



Hello All,



I was wondering if anyone might be willing to recommend a good GUI tool
for interacting with snort alerts and a process for having alerts
automatically emailed?



At the moment I'm looking at ACID and I'm curious if this is my best
bet.  I would prefer to use a database over a script.



I'm using OSX as well, so any tips would be greatly appreciated.



Thank you,
--

Matt M., CISSP, GCFE, GCFA

“To disagree leads to study, to study leads to understanding, to
understand is to appreciate, to appreciate is to love. So maybe I’ll end up
loving your theory.” -John Wheeler





--

Matt M., CISSP, GCFE, GCFA

“To disagree leads to study, to study leads to understanding, to
understand is to appreciate, to appreciate is to love. So maybe I’ll end up
loving your theory.” -John Wheeler




--
Matt M., CISSP, GCFE, GCFA

“To disagree leads to study, to study leads to understanding, to
understand is to appreciate, to appreciate is to love. So maybe I’ll end up
loving your theory.” -John Wheeler


------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!