Snort mailing list archives
Re: snort + ossec
From: lists () packetmail net
Date: Wed, 17 Feb 2016 08:05:34 -0600
On 02/17/16 05:41, ARUN LAL wrote:
> We are planning to add snort rules to ossec for monitoring. How to configure snort sid in local_rules.xml. We need most critical snort id for monitor. Please provide us with the most important or most critical snort ids.
1) Read the OSSEC documentation, it's very well written, and self-explanatory. Using a syslog daemon, such as syslog-ng, that is capable of steering messages from various hosts to a centralized location would provide OSSEC the ability to monitor multiple Snort instances from a central daemon.

2) The most valuable rules will depend on the existing security controls at your organization, your demographic, your exposure level, and your network infrastructure. This is something you'll need to determine as it suits your organizational needs.

Cheers,
Nathan

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
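For the local_rules.xml part of the question, an added example that is not part of the original thread: an OSSEC local rule that raises the level of one Snort alert by matching the `gid:sid:` prefix of the decoded Snort id. It assumes the stock parent rules 20100 and 20101 from OSSEC's ids_rules.xml; the rule id 100100, the level and the SID 1:1000001 are placeholders, since, as the reply says, which SIDs matter depends on the site.

```xml
<!-- Added example for local_rules.xml. Rule id, level and SID are placeholders. -->
<group name="local,ids,">
  <!-- Custom rule ids belong in the user range 100000-119999. -->
  <rule id="100100" level="12">
    <!-- Assumed parents: the generic IDS event rules shipped in ids_rules.xml. -->
    <if_sid>20100, 20101</if_sid>
    <!-- Only consider events parsed by the Snort decoder. -->
    <decoded_as>snort</decoded_as>
    <!-- The decoder extracts the id as gid:sid:rev; anchor on gid:sid so any revision matches. -->
    <id>^1:1000001:</id>
    <description>Snort SID 1:1000001 (placeholder) escalated by local policy.</description>
  </rule>
</group>
```

The rule can be checked with `ossec-logtest` by pasting a Snort alert line carrying the chosen SID before restarting OSSEC.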