Snort mailing list archives
Re: can we setup acid with snort ++
From: Noah Dietrich <noah_dietrich () 86penny org>
Date: Thu, 14 Jun 2018 17:35:14 +0200
I'm a huge fan of Splunk (or alternately the ELK stack, which is similar). Both are cross-platform (I believe you can install the ELK stack on Windows, according to Google) and have a lot of power. Plus, these systems work well as SIEMs when you ingest other security log data in addition to your Snort events to help get a bigger picture of your threats and attackers. I've successfully set up Snort3 with Splunk and the ELK stack using the new JSON output, and it worked really well.

Noah

On Thu, Jun 14, 2018 at 4:52 PM, Joel Esler (jesler) via Snort-users <snort-users () lists snort org> wrote:
On Jun 14, 2018, at 8:45 AM, Marcin Dulak via Snort-users <snort-users () lists snort org> wrote:

On Thu, Jun 14, 2018 at 2:19 PM, <wkitty42 () windstream net> wrote:

On 06/13/2018 06:28 PM, Michael Steele wrote:

Joe, I hope you will also be thinking about Windows users when you are working on a Snort 3.0 solution for a GUI.

Do we really need a new GUI - can't elasticsearch/kibana be used, or https://github.com/jasonish/evebox?

Marcin

I have an idea for a different kind of GUI. But yes, elasticsearch/kibana with Snort 3 can certainly be used with the json output module.

--
Joel Esler
Sr. Manager Open Source, Design, Web, and Education
Talos Group
http://www.talosintelligence.com

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
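Both replies above point at Snort 3's JSON output as the way to feed ELK or Splunk. As an added example (not code from this thread or from the Snort project), here is a small Python ingester that normalizes alert_json lines into flat events a SIEM can index and counts alerts per rule; the sample lines are constructed, with field names taken from Snort 3's alert_json module (timestamp, proto, dir, src_ap, dst_ap, rule as gid:sid:rev, action) and made-up values, and it assumes one JSON object per line.

```python
import json
from collections import Counter

# Constructed sample in the shape of Snort 3 alert_json output (one object
# per line); field names follow the alert_json module, values are made up.
SAMPLE_ALERTS = """\
{"timestamp": "06/14-15:35:14.123456", "pkt_num": 11, "proto": "TCP", "pkt_gen": "raw", "pkt_len": 74, "dir": "C2S", "src_ap": "192.0.2.10:51234", "dst_ap": "198.51.100.5:22", "rule": "1:1000001:2", "action": "allow"}
{"timestamp": "06/14-15:35:15.000001", "pkt_num": 12, "proto": "TCP", "pkt_gen": "raw", "pkt_len": 74, "dir": "C2S", "src_ap": "192.0.2.10:51235", "dst_ap": "198.51.100.5:22", "rule": "1:1000001:2", "action": "allow"}
not json at all
{"timestamp": "06/14-15:35:16.500000", "pkt_num": 40, "proto": "UDP", "pkt_gen": "raw", "pkt_len": 120, "dir": "S2C", "src_ap": "198.51.100.53:53", "dst_ap": "192.0.2.10:40000", "rule": "1:2000002:1", "action": "alert"}
"""

def split_ap(ap):
    """Split an "addr:port" value into (addr, port). IPv6 addresses contain
    several colons, so split on the last one only."""
    addr, _, port = ap.rpartition(":")
    return addr, int(port)

def normalize(line):
    """Turn one alert_json line into a flat event for indexing. Returns None
    for lines that are not valid alert JSON so one bad line never stops ingestion."""
    try:
        rec = json.loads(line)
        gid, sid, rev = (int(x) for x in rec["rule"].split(":"))
        src, sport = split_ap(rec["src_ap"])
        dst, dport = split_ap(rec["dst_ap"])
    except (ValueError, KeyError, TypeError):
        return None
    return {
        "ts": rec["timestamp"], "proto": rec["proto"], "dir": rec["dir"],
        "src_ip": src, "src_port": sport, "dst_ip": dst, "dst_port": dport,
        "gid": gid, "sid": sid, "rev": rev, "action": rec["action"],
    }

def ingest(text):
    """Parse every non-blank line; return (events, number_of_rejected_lines)."""
    events, rejected = [], 0
    for line in filter(str.strip, text.splitlines()):
        ev = normalize(line)
        if ev is None:
            rejected += 1
        else:
            events.append(ev)
    return events, rejected

def count_by_rule(events):
    """Alert count per (gid, sid), the first view most dashboards show."""
    return Counter((e["gid"], e["sid"]) for e in events)
```

Point a log shipper at the same file and you get the same fields in ELK or Splunk; the rejected-line counter is worth alerting on, since a growing count usually means the output format changed under you.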