Hosting Provided By

RE: Snort console recommendation

From: Eric Hines <eric.hines(at)appliedwatch.com>
Date: Mon Jul 07 2003 - 11:06:41 EDT

Paul,

Thank you for the awesome feedback. Actually, we originally supported the customer's previous Snort installation but found that 95% of the people had problems getting it all to work together, whether it was PostgreSQL problems or Snort itself. We found that the most simplest solution would be to simply install Snort and the SQL database itself.

However, in our move towards being the first SIM to support almost every popular open-source security application available (Tripwire, PF, IPF, IPChains, Hogwash, Prelude, et. al), we realized we needed to move away from packaging the sensor with our agent. Therefore, our next version of 2.0 will support a previous install.

Regards,
Eric Hines

Eric Hines
CEO, Chairman
Applied Watch Technologies, Inc.
web: http://www.appliedwatch.com
email: eric.hines@appliedwatch.com

Direct: (877) 262-7593 - Toll Free x327
Fax: (815) 425-2173
General: (877) 262-7593 (9am-5pm CST)

Quoting Paul Schmehl <pauls@utdallas.edu>:

> Unfortunately, your product requires a proprietary agent on the sensor and
> does not support acquiring data from databases such as mysql, postgresql or
> oracle that are already out there and configured.
>
> Which leads to my question. Why is everyone so insistent on building their
> own "infrastructure" to snort rather than using what already exists? Is it
> really that difficult to extract data from the default fields in the db? I
> understand the reason for having to design a log extractor, but snort
> already feeds a database. ISTM you could simply query what's there and be
> done with it.
>
> Or am I totally off base?
>
> --On Monday, July 07, 2003 07:27:01 AM -0700 Eric Hines
> <eric.hines@appliedwatch.com> wrote:
>
> > Marcelo,

The Lightning Console aggregates IDS events, correlates them with vulnerability info, reduces false positives with the click of a button, and distributes this information to hundreds of users.

Visit Tenable Network Security at http://www.tenablesecurity.com to learn more.

Received on Mon Jul 7 16:13:21 2003

Do you need help?

This message: [ Message body ]
Next message: Diego González: "IDS document"
Previous message: Sean Brown: "RE: Snort console recommendation"
In reply to: Paul Schmehl: "RE: Snort console recommendation"
In reply to Eric Hines: "RE: Snort console recommendation"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:16 EDT