
[Snort-users] what is the latest IDS management tool ?


Marcio Guerreiro

May 29, 2015, 6:18:26 AM

Hi everyone

I am looking for the latest Snort IDS management tool to send alerts via email, display a graphical interface, etc.

I have been reading a lot of books that mention Snort SAM, Snortfw, guardian, EasyIDS, ELSA, IDScenter; however, it seems that those tools are 5 to 10 years old.

I would like to know what the latest, up-to-date management tool is that is being used in the market to send email alerts and as a management console.

Thank you very much in advance.

Marcio Guerreiro


From: Robert Lasota [mailto:wrk...@wp.pl]
Sent: 29 May 2015 08:51
To: snort-users
Subject: [Snort-users] PulledPork stopped updating and starts duplicate

Hi,

Did anybody meet with such a strange case? I mean, I had a working PulledPork, then I changed something (but I don't even know what, because I only found out about it later), and now during a run it doesn't display what it updates/changes in the rules, and it also starts duplicating rules! After every subsequent run I get the same rule files in the rules directory, but with the same rules appended again at the end :(

./pulledpork.pl -P -k -I security -c etc/pulledpork.conf

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.0 - Swine Flu!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
  @_/        /  66\_  cumm...@gmail.com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
        They Match
        Done!
Prepping rules from snortrules-snapshot-2962.tar.gz for work....
        Done!
Reading rules...
Reading rules...
Activating security rulesets....
        Done
Modifying Sids....
        Done!
Processing /tmp/pulledpork-0.7.0/etc/enablesid.conf....
        Modified 0 rules
        Done
Processing /tmp/pulledpork-0.7.0/etc/dropsid.conf....
        Modified 0 rules
        Done
Processing /tmp/pulledpork-0.7.0/etc/disablesid.conf....
        Modified 0 rules
        Done
Setting Flowbit State....
        Enabled 777 flowbits
        Enabled 25 flowbits
        Enabled 4 flowbits
        Enabled 2 flowbits
        Done
Writing rules to unique destination files....
        Writing rules to /tmp/rules/
        Done
Generating sid-msg.map....
        Done
Writing v1 /tmp/sid-msg.map....
        Done
Fly Piggy Fly!
[root@FIREGATE pulledpork-0.7.0]

What is going on?

Robert
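As an added check (not from this thread and not part of PulledPork): a small Python script that flags the symptom Robert describes, a SID that occurs more than once among the active rules of a rules file, and separates verbatim re-appended copies from conflicting revisions of the same SID. The sample rules and SIDs in it are constructed placeholders.

```python
# Added check: flag Snort SIDs that appear more than once in an active ruleset.
# Not part of PulledPork; the sample rules and SIDs below are constructed.
import re
from collections import defaultdict

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def find_duplicate_sids(rules_text):
    """Return {sid: [(line_no, rule_text), ...]} for SIDs seen more than once.
    Lines starting with '#' (comments, PulledPork-disabled rules) are skipped,
    as Snort itself ignores them."""
    seen = defaultdict(list)
    for line_no, raw in enumerate(rules_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SID_RE.search(line)
        if m:  # anything without a sid is not a rule
            seen[int(m.group(1))].append((line_no, line))
    return {sid: hits for sid, hits in seen.items() if len(hits) > 1}


def classify(dups):
    """Split duplicates into exact copies (identical text, the signature of a
    ruleset appended twice) and conflicts (same sid, different text or rev)."""
    exact, conflict = [], []
    for sid, hits in sorted(dups.items()):
        (exact if len({t for _, t in hits}) == 1 else conflict).append(sid)
    return exact, conflict


# Constructed sample: 1000001 re-appended verbatim, 1000002 present in two revs,
# 1000003 active once (its other copy is a disabled, commented-out rule).
SAMPLE_RULES = """\
alert tcp any any -> any 80 (msg:"EXAMPLE one"; sid:1000001; rev:1;)
alert tcp any any -> any 443 (msg:"EXAMPLE two"; sid:1000002; rev:1;)
# alert tcp any any -> any 22 (msg:"EXAMPLE three"; sid:1000003; rev:1;)
alert tcp any any -> any 80 (msg:"EXAMPLE one"; sid:1000001; rev:1;)
alert tcp any any -> any 443 (msg:"EXAMPLE two"; sid:1000002; rev:2;)
alert tcp any any -> any 22 (msg:"EXAMPLE three"; sid:1000003; rev:1;)
"""

if __name__ == "__main__":
    dups = find_duplicate_sids(SAMPLE_RULES)
    exact, conflict = classify(dups)
    print("exact duplicates:", exact)     # [1000001]
    print("conflicting sids:", conflict)  # [1000002]
    for sid in exact + conflict:
        print(sid, "at lines", [ln for ln, _ in dups[sid]])
```

Run it against the files PulledPork writes to /tmp/rules/ by reading each file into `find_duplicate_sids`; exact duplicates point at the appending problem described, while conflicts point at two revisions of one SID being merged.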


Rodgers, Anthony (DTMB)

May 29, 2015, 7:34:37 AM

You can’t do much worse than SecurityOnion – it includes Sguil (for real-time alert management – still the best out there, IMHO) and Snorby or Squert for roll-up reporting.


--

Anthony Rodgers

Security Analyst

Michigan Security Operations Center (MiSOC)

DTMB, Michigan Cyber Security
