Snort mailing list archives

Re: Snort Alert Processing Survey


From: Jack Pepper <pepperjack () afferentsecurity com>
Date: Wed, 15 Mar 2017 12:46:37 -0500

I wrote my own output processor that talks to an escalation handler (also
home grown).

On Wed, Mar 15, 2017 at 11:29 AM, <wkitty42 () windstream net> wrote:

On 03/14/2017 07:50 PM, James Lay wrote:
On Tue, 2017-03-14 at 13:48 -0700, m-one wrote:
1.  I'm wondering how the vast millions of Snort Users are monitoring
Snort alerts?  So please, let's hear it -- how are you answering the
question: is my Snort application effective?  Where do you look to
examine Snort Alerts?

tail -f snort.fast
sguil for interesting hits (doesn't show portscany noise)

over here we tail the alert file and parse it with an application... that
application could report to a database if one desired to go that route...
our app is an active response tool that issues IP blocking rules based on its
configuration... tuning snort and the app is about the worst part but once
tuned, everything is very nice...

--
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

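The replies above describe the same pattern twice: tail Snort's alert file, parse each line, and hand the result to something that reports, escalates or blocks. Below is an added example of that pipeline; it is not code from anyone on this thread. It assumes Snort's "fast" alert output format with IPv4 addresses (port-less lines such as portscan events and lines without a Classification field are handled), uses constructed sample alert lines with RFC 5737 documentation addresses, and assumes the host that would enforce a block uses iptables, so the rule is returned as a string rather than executed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Optional

# Constructed sample lines in Snort "fast" alert format (not taken from the thread).
# The last line is deliberately not an alert, to show that junk is skipped, not crashed on.
SAMPLE_ALERTS = """\
03/14-13:48:22.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.7:80 -> 192.0.2.10:51234
03/14-13:48:25.000001  [**] [122:1:1] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 198.51.100.9 -> 192.0.2.10
03/14-13:49:01.555555  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.9:40000 -> 192.0.2.22:22
03/14-13:49:03.555555  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.9:40001 -> 192.0.2.22:22
03/14-13:49:05.555555  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.50:40002 -> 192.0.2.22:22
this line is not an alert and must be skipped
"""

# One fast-format alert line. IPv4 only (assumption); Classification and ports are optional
# because preprocessor events such as portscan omit them.
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>[0-9.]+?)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[0-9.]+?)(?::(?P<dport>\d+))?$"
)


@dataclass(frozen=True)
class Alert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int  # Snort convention: 1 is the most severe
    proto: str
    src: str
    src_port: Optional[int]
    dst: str
    dst_port: Optional[int]


def parse_fast_line(line: str) -> Optional[Alert]:
    """Parse one line; return None for anything that is not a well-formed fast alert."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    port = lambda s: int(s) if s else None
    return Alert(
        timestamp=m["ts"], gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
        msg=m["msg"], classification=m["cls"], priority=int(m["prio"]), proto=m["proto"],
        src=m["src"], src_port=port(m["sport"]), dst=m["dst"], dst_port=port(m["dport"]),
    )


def parse_fast_alerts(text: str) -> List[Alert]:
    """Parse a chunk of the alert file (e.g. what a tail loop just read)."""
    return [a for a in (parse_fast_line(l) for l in text.splitlines()) if a is not None]


def top_signatures(alerts: Iterable[Alert]) -> Counter:
    """Which rules fire most: the first thing to look at when tuning."""
    return Counter((a.sid, a.msg) for a in alerts)


def block_candidates(alerts: Iterable[Alert], max_priority: int = 2, min_hits: int = 2,
                     exempt: Iterable[str] = ("192.0.2.0/24",)) -> List[str]:
    """Sources that fired enough high-priority alerts to escalate, minus exempt networks.

    The exempt list is the tuning knob the thread warns about: without it, an
    active-response tool will happily block your own monitoring hosts or scanners.
    """
    exempt_nets = [ip_network(n) for n in exempt]
    hits = Counter(a.src for a in alerts if a.priority <= max_priority)
    out = []
    for src, n in hits.items():
        if n < min_hits:
            continue
        if any(ip_address(src) in net for net in exempt_nets):
            continue
        out.append(src)
    return sorted(out)


def block_rule(ip: str) -> str:
    """Rule string for an iptables host (assumption); returned, not executed."""
    return f"iptables -I INPUT -s {ip} -j DROP"


if __name__ == "__main__":
    parsed = parse_fast_alerts(SAMPLE_ALERTS)
    print(top_signatures(parsed).most_common(3))
    for ip in block_candidates(parsed):
        print(block_rule(ip))
```

Hook this to `tail -F` of the alert file (or to a database writer instead of `block_rule`) and the shape matches what both replies describe; the thresholds and the exempt networks are the part that needs tuning per site.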
