Snort mailing list archives

Re: Barnyard2 alternatives?


From: Doug Burks <doug.burks () gmail com>
Date: Tue, 4 Aug 2015 09:27:07 -0400

On Tue, Aug 4, 2015 at 8:53 AM, Richard Monk <rmonk () redhat com> wrote:
> We took a look at Sguil/Squert and were unimpressed with the feature set (in
> fact, we're slowly getting rid of snorby for the same reason).  I'll take a look
> again.
>
> Right now, we like having the packet data that comes with "native" DB storage,
> although we're spinning up full packet capture/Bro to offset needing that as well.

The Sguil database stores the same alert payload data that the Snorby
database does.  In addition, Sguil makes it very easy to pivot to full
packet capture.  You can also easily add a hook to Sguil/Squert to
search for relevant Bro logs.

-- 
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com
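The "hook to search for relevant Bro logs" mentioned above boils down to taking an alert's address pair and timestamp and pulling the Bro conn.log entries that fall in the same time window. The script below is an added illustration of that pivot, not Sguil's or Squert's own hook code; the conn.log excerpt and the alert record are constructed here, and the window size is an assumed parameter.

```python
"""Pivot from an IDS alert to the Bro conn.log entries around it (added example)."""

# Constructed excerpt of a Bro conn.log in its tab-separated ASCII format.
# Only the #fields header is needed to name the columns; other # lines are skipped.
BRO_CONN_LOG = (
    "#separator \\x09\n"
    "#path\tconn\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tstring\n"
    "1438694400.123456\tCabc1\t10.1.2.3\t51234\t192.0.2.10\t80\ttcp\thttp\tSF\n"
    "1438694405.000000\tCdef2\t10.1.2.3\t51235\t192.0.2.10\t443\ttcp\tssl\tSF\n"
    "1438694700.000000\tCghi3\t10.1.2.3\t51236\t192.0.2.10\t80\ttcp\thttp\tSF\n"
    "1438694401.000000\tCjkl4\t10.9.9.9\t40000\t198.51.100.5\t22\ttcp\tssh\tS0\n"
)

# Constructed alert, as the Sguil/Snorby database would hold it: the IP pair
# and the alert timestamp (epoch seconds).
ALERT = {"src_ip": "10.1.2.3", "dst_ip": "192.0.2.10", "ts": 1438694402.0}


def parse_conn_log(text):
    """Parse Bro ASCII log text into a list of dicts keyed by the #fields names."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):
            continue  # #separator, #path, #types, #close, etc.
        if fields is None:
            raise ValueError("data row encountered before #fields header")
        records.append(dict(zip(fields, line.split("\t"))))
    return records


def find_related_conns(records, alert, window_seconds=60):
    """Return conn.log records for the alert's IP pair (either direction)
    whose timestamp lies within +/- window_seconds of the alert time."""
    pair = (alert["src_ip"], alert["dst_ip"])
    hits = []
    for r in records:
        forward = (r["id.orig_h"], r["id.resp_h"]) == pair
        reverse = (r["id.resp_h"], r["id.orig_h"]) == pair
        if (forward or reverse) and abs(float(r["ts"]) - alert["ts"]) <= window_seconds:
            hits.append(r)
    return sorted(hits, key=lambda r: float(r["ts"]))


def related_uids(text=BRO_CONN_LOG, alert=ALERT, window_seconds=60):
    """Convenience wrapper: the Bro connection UIDs an analyst would pivot to."""
    return [r["uid"] for r in find_related_conns(parse_conn_log(text), alert, window_seconds)]


if __name__ == "__main__":
    for r in find_related_conns(parse_conn_log(BRO_CONN_LOG), ALERT):
        print(r["ts"], r["uid"], r["id.orig_h"], "->", r["id.resp_h"], r["service"], r["conn_state"])
```

With the constructed data, the two connections within a minute of the alert (Cabc1 and Cdef2) are returned, the later one five minutes out is not, and the unrelated host pair is ignored. The returned `uid` values are what you would then use to pull the matching http.log, ssl.log or files.log rows, since Bro keys every per-connection log on the same UID.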

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!