Snort mailing list archives

Re: snort + ossec


From: lists () packetmail net
Date: Wed, 17 Feb 2016 08:05:34 -0600

On 02/17/16 05:41, ARUN LAL wrote:

> We are planning to add Snort rules to OSSEC for monitoring. How do we configure
> a Snort SID in local_rules.xml? We need the most critical Snort IDs to monitor. Please
> provide us with the most important or most critical Snort IDs.

1) Read the OSSEC documentation; it's very well written and self-explanatory.
Using a syslog daemon, such as syslog-ng, that is capable of steering messages
from various hosts to a centralized location would provide OSSEC the ability to
monitor multiple Snort instances from a central daemon.

2) The most valuable rules will depend on the existing security controls at your
organization, your demographic, your exposure level, and your network
infrastructure.  This is something you'll need to determine as it suits your
organizational needs.

Cheers,
Nathan
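
As an added illustration of the local_rules.xml question (this is example configuration written for this page, not something from Nathan's reply or from the OSSEC project), the fragment below escalates one Snort SID, correlates repeats of it, and silences a known-noisy one. It assumes the stock OSSEC setup where the `snort` decoder turns the bracketed `[gid:sid:rev]` of a syslog-delivered alert into the decoded `id` field and rule 20101 is the generic "IDS event" parent. The local rule ids 100100 onward, the SIDs 1:2013028 and 1:2100498, and the 10.0.10.0/24 server range are placeholders chosen for the example, not recommendations.

```xml
<!-- Example local_rules.xml fragment (added here; not from the thread or the OSSEC docs).
     Installs under /var/ossec/rules/local_rules.xml. Local rule ids must stay in
     the 100000-119999 range reserved for site-specific rules.

     Constructed sample alert these rules are meant to match, as Snort writes it
     to syslog (values are made up for the example):
       snort[4242]: [1:2013028:3] EXAMPLE exploit attempt [Classification: Attempted Admin
         Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:40211 -> 10.0.10.5:22
-->
<group name="local,ids,">

  <!-- Escalate one specific signature. The decoder stores gid:sid:rev in "id",
       so anchor on "gid:sid:" and leave the revision open; a rule update that
       bumps rev 3 to rev 4 must not silently disable this match. -->
  <rule id="100100" level="12">
    <if_sid>20101</if_sid>
    <id>^1:2013028:</id>
    <description>Snort: critical signature 1:2013028 fired (placeholder SID).</description>
    <group>critical_ids,</group>
  </rule>

  <!-- Same signature aimed at the server segment: raise severity further. -->
  <rule id="100101" level="14">
    <if_sid>100100</if_sid>
    <dstip>10.0.10.0/24</dstip>
    <description>Snort: critical signature against the server segment (example range).</description>
  </rule>

  <!-- Correlation: five hits of the signature from one source within two minutes.
       "ignore" suppresses re-firing for 300 s so a scan does not flood the alert log. -->
  <rule id="100102" level="13" frequency="5" timeframe="120" ignore="300">
    <if_matched_sid>100100</if_matched_sid>
    <same_source_ip />
    <description>Snort: repeated critical signature from a single source.</description>
  </rule>

  <!-- Noise control: a SID known to be benign on this network is dropped to level 0
       (never alerted) instead of being removed from Snort itself. -->
  <rule id="100110" level="0">
    <if_sid>20101</if_sid>
    <id>^1:2100498:</id>
    <description>Snort: ignore known-benign SID 1:2100498 (placeholder).</description>
  </rule>

</group>
```

Before relying on any of this, paste the sample alert line into `/var/ossec/bin/ossec-logtest` on the OSSEC server and confirm that the decoder reports `id: 1:2013028:3` and that rule 100100 (not only 20101) is the one that fires; if the `id` field comes out empty, the line did not go through the `snort` decoder, which usually means the syslog forwarder (syslog-ng, rsyslog) rewrote the program name or the bracketed prefix on the way in.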

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
