Pantek Library

RE: dragon and snort logs

From: Golomb, Gary <GGolomb(at)enterasys.com>
Date: Wed May 14 2003 - 11:46:14 EDT

  • Moderator: While this message is not the most vendor-neutral post I have ever made, there is no other way to reply to the previous message. I hope you understand. Please let me know if anything should be changed as the points made by Brian should be responsibly addressed. Thanks!

>
> It is a fairly common occurrence for Enterasys customers to use snort.
> signatures
> into a policy lib file so you can use their HIDS to monitor snort log

Brian is absolutely correct. Many people start using Snort since they first learn how to use IDS through courses like SANS and other introductory courses. Additionally, since Snort is free, it is easy for administrators to use it for initial design and implementation testing. We've seen many people do this while testing solutions from vendors.

After the initial stages of an IDS network design, many people upgrade to commercial implementations. When they do, we try our best to support any existing infrastructure they may have. If they have already taken the time to write custom signatures for their existing IDS, we will work with them to import those to Dragon, since Dragon is one of the few commercial solutions to have a fully open signature set - whether the initial implementation was Snort or otherwise. Interestingly enough, we're running into Snort less and less. Now we're needing to convert signatures from the other market leaders since they are starting to open up the ability to write custom detection routines.

The tool you reference is one of the tools which Dragon customers have developed for the Dragon community. Being on the Dragonuser mailing list, you should know about how people contribute data mining tools, signatures, and other conversion utilities. If you have missed those, they are freely available on our support site.

>
> Ask your Enterasys support person for help if you can't figure out their
> tools.
>

In addition to field support engineers all over the world, you can also utilize our global support call centers, or the rest of the Dragon community on the Dragonuser list.





Received on Wed May 14 12:03:17 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:12 EDT

