Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] Snort Analisys platform

from [Sam Evans] Network Security [Permanent Link]
Subject: Re: [Snort-users] Snort Analisys platform
Date: Sun, 28 Nov 2004 14:37:08 -0700 
Wow, what you have so far looks fantastic!!!


On Sun, 28 Nov 2004 18:44:18 +0100 (CET), Andreas Östling
<andreaso@it.su.se> wrote:



Not yet, but I'm playing with a tool called Pigris that I hope I'll have
time to finish and release some time (I don't know when though). It has
the look and feel of a web-based alert browser but is a client written in
Perl/Tk that talks to the db. It works well with many sensors and events
and has some other useful features too. There are some early screenshots
and more info at http://people.su.se/~andreaso/pigris/screenshots/ if
you're interested.

You may also want to checkout Sguil at http://sguil.sf.net/. It scales
well but kind of assumes that every event (or correlated group of events)
has to be dealt with by an analyst. This can be a huge strength in some
environments but I'm not sure it would work well if you have 2 million
events a day (are your sigs really optimally tuned?)

/Andreas

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Snort-users] Testy Message - Do Not Reply, Michael Steele
Next by Date:  RE: [Snort-users] Snort Analisys platform, Harper, Patrick
Previous by Thread:  Re: [Snort-users] Snort Analisys platform, Andreas Östling
Next by Thread:  RE: [Snort-users] Snort Analisys platform, Harper, Patrick
Indexes:  [Date] [Thread] [Top] [All Lists]