Re: snort as HIDS

[Da Beave <dabeave () gmail com>]

If you want to use a 'snort like' HIDS,   check out Sagan (http://Sagan.io)
.  it's a multithreaded log analysis engine with snort like rules.

On Jul 6, 2016 4:36 PM, "Lamont, Brian A." <Brian.Lamont () gd-ms com> wrote:

> We have a very basic configuration of snort deployed across our linux/unix
> systems, and we are being told that snort is not host intrustion tool,
> although that is what we have configured it to be.    Could I get an
> argument that supports the use of Snort on Linux/Solaris as a host
> intrustion tool, any supporting names of the features, software, etc. that
> prove its use as a HIDS?
>
>
>
> Thank you!
>
>
>
>
>
> *Brian Lamont*
>
> *Unix Systems Admin*
>
>
>
> [image: Mission-Systems-logo-2col]
>
> *Desk:  480 586-9986 <480%20586-9986>*
>
> *Cell:     480 209-8751 <480%20209-8751>*
>
> brian.lamont () gd-ms com
>
>
>
> This message and/or attachments may include information subject to GD
> Corporate Policies 07-103 and 07-105 and is intended to be accessed only by
> authorized recipients.  Use, storage and transmission are governed by
> General Dynamics and its policies. Contractual restrictions apply to third
> parties.  Recipients should refer to the policies or contract to determine
> proper handling.  Unauthorized review, use, disclosure or distribution is
> prohibited.  If you are not an intended recipient, please contact the
> sender and destroy all copies of the original message.
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
> Francisco, CA to explore cutting-edge tech and listen to tech luminaries
> present their vision of the future. This family event has something for
> everyone, including kids. Get more information and register today.
> http://sdm.link/attshape
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!