Snort mailing list archives
Re: Confirmation For Alerts In ACID Needed
From: Joseph Gresham <joe () onshore com>
Date: Thu, 21 Nov 2002 17:23:24 -0600
Do you need to run 2 instances of ACID for this setup to work? i.e.: "So for me, anything that still needs looking at is in the main database but all history and charts, etc. comes from the archive database."

If that is not the case, what configuration changes are necessary for this to work? I guess I could look at the scripts myself, but if you already know I would appreciate the advice.
--
Joseph J. Gresham Jr.
Systems Integration Consultant/Network Engineer
Onshore Inc.
312-850-5200 x.138

Ibarra, Michael wrote:
Yeah, I do this also, but it doesn't address the need to have notes, as you've mentioned, as well as the need to see who, if anyone else, is already working on the given alert.

Anybody?

-mike

-----Original Message-----
From: Joel Colvin [mailto:joelc () ctchouston com]
Sent: Wednesday, November 20, 2002 5:34 PM
To: 'Ibarra, Michael'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Confirmation For Alerts In ACID Needed

What I do is create an archive database and then use the ACID function to move items to the archive. So for me, anything that still needs looking at is in the main database but all history and charts, etc. comes from the archive database.

It would be nice to have notes in the database though...

Joel

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ibarra, Michael
Sent: Wednesday, November 20, 2002 4:00 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Confirmation For Alerts In ACID Needed

Greetings All:

I currently have a situation whereby I have a team looking at snort alerts via ACID. The problem is that we sometimes have more than one person working on an alert, worse following through with notifying the offending IP's ISP or IP owner. Does anyone know if the latest version of ACID has an option to make notes, add a confirm button or add an assigned to feature? If not, has anyone done something like this or have a need for it too?

I realize that this is entirely ACID related but I am asking all of you for thoughts and ideas on this. Without re-writing ACID to add this feature, I am stumped :(

Thanks in advance,
-mike

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Confirmation For Alerts In ACID Needed Ibarra, Michael (Nov 20)
- RE: Confirmation For Alerts In ACID Needed Joel Colvin (Nov 20)
- <Possible follow-ups>
- RE: Confirmation For Alerts In ACID Needed Ibarra, Michael (Nov 20)
- Re: Confirmation For Alerts In ACID Needed Joseph Gresham (Nov 21)
- RE: Confirmation For Alerts In ACID Needed Fraser Hugh (Nov 21)