Snort mailing list archives
Re: what is the latest IDS management tool ?
From: "Rodgers, Anthony (DTMB)" <RodgersA1 () michigan gov>
Date: Fri, 29 May 2015 11:33:03 +0000
You can't do much worse than SecurityOnion - it includes Sguil (for real-time alert management - still the best out there, IMHO) and Snorby or Squert for roll-up reporting.

--
Anthony Rodgers
Security Analyst
Michigan Security Operations Center (MiSOC)
DTMB, Michigan Cyber Security

From: Marcio Guerreiro [mailto:marcio.guerreiro () hotmail co uk]
Sent: Friday, May 29, 2015 06:16
To: 'snort-users'
Subject: [Snort-users] what is the latest IDS management tool ?

Hi everyone

I am looking for the latest SNORT IDS management tool to send alerts via email, display a graphical interface, etc. I have been reading a lot of books that mention Snort SAM, Snortfw, guardian, EasyIDS, ELSA, IDScenter; however, it seems that those tools are 5 to 10 years old.

I would like to know what is the latest and updated management tool that is being used to send email alerts and as a management console in the market.

Thank you very much in advance.

Marcio Guerreiro

From: Robert Lasota [mailto:wrkilu () wp pl]
Sent: 29 May 2015 08:51
To: snort-users
Subject: [Snort-users] PulledPork stopped updating and starts duplicate

Hi,

Has anybody met with such a strange case? I mean, I had a working Pulledpork, then I changed something (but I don't even know what, because I found out about that later), and now during a run it doesn't display what it updates/changes in the rules and it also starts to duplicate rules! After every subsequent run I get the same rules files in the rules directory, but with the same rules added again :(

    ./pulledpork.pl -P -k -I security -c etc/pulledpork.conf

        http://code.google.com/p/pulledpork/
          _____ ____
         `----,\    )
          `--==\\  /    PulledPork v0.7.0 - Swine Flu!
           `--==\\/
         .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
      @_/        /  66\_  cummingsj () gmail com
        |    \   \   _(")
         \   /-| ||'--'  Rules give me wings!
          \_\  \_\\
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
        They Match
        Done!
    Prepping rules from snortrules-snapshot-2962.tar.gz for work....
        Done!
    Reading rules...
    Reading rules...
    Activating security rulesets....
        Done
    Modifying Sids....
        Done!
    Processing /tmp/pulledpork-0.7.0/etc/enablesid.conf....
        Modified 0 rules
        Done
    Processing /tmp/pulledpork-0.7.0/etc/dropsid.conf....
        Modified 0 rules
        Done
    Processing /tmp/pulledpork-0.7.0/etc/disablesid.conf....
        Modified 0 rules
        Done
    Setting Flowbit State....
        Enabled 777 flowbits
        Enabled 25 flowbits
        Enabled 4 flowbits
        Enabled 2 flowbits
        Done
    Writing rules to unique destination files....
        Writing rules to /tmp/rules/
        Done
    Generating sid-msg.map....
        Done
    Writing v1 /tmp/sid-msg.map....
        Done
    Fly Piggy Fly!
    [root@FIREGATE pulledpork-0.7.0]

What is going on?

Robert
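
One way to confirm the duplication reported in the quoted PulledPork message is to count how often each gid:sid pair occurs across the generated rules files. This is an added example, not part of the original thread or of PulledPork; the file names and rule text below are constructed sample data, and the parsing covers only single-line rules.

```python
import re
from collections import defaultdict

# Constructed sample: file name -> content. The first file simulates a rule
# that was written again on a later run (the symptom described in the thread).
SAMPLE_FILES = {
    "sample-a.rules": (
        '# comment line\n'
        'alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"constructed A"; sid:1000001; rev:2;)\n'
        '# alert tcp any any -> any any (msg:"constructed, disabled"; sid:1000002; rev:1;)\n'
        'alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"constructed A"; sid:1000001; rev:2;)\n'
    ),
    "sample-b.rules": (
        'alert tcp any any -> $HOME_NET 80 (msg:"constructed B"; gid:1; sid:1000003; rev:1;)\n'
    ),
}

ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop", "activate", "dynamic")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
GID_RE = re.compile(r"\bgid\s*:\s*(\d+)\s*;")

def parse_rule(line):
    """Return (gid, sid) for a rule line (enabled or commented out), else None."""
    text = line.strip().lstrip("#").strip()
    if not text.startswith(ACTIONS) or "(" not in text:
        return None  # plain comment, blank line, or something that is not a rule
    sid = SID_RE.search(text)
    if sid is None:
        return None
    gid = GID_RE.search(text)
    return (int(gid.group(1)) if gid else 1, int(sid.group(1)))  # gid defaults to 1

def find_duplicates(files):
    """Map (gid, sid) -> [(file, line_no), ...] for every rule seen more than once."""
    seen = defaultdict(list)
    for name, content in files.items():
        for line_no, line in enumerate(content.splitlines(), 1):
            key = parse_rule(line)
            if key is not None:
                seen[key].append((name, line_no))
    return {key: locs for key, locs in seen.items() if len(locs) > 1}

if __name__ == "__main__":
    for (gid, sid), locs in sorted(find_duplicates(SAMPLE_FILES).items()):
        print(f"{gid}:{sid} appears {len(locs)} times: {locs}")
```

To run it against real output, build the dictionary by reading each `*.rules` file in the directory PulledPork writes to (`/tmp/rules/` in the output above).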