Re: Experience with snort-based IDS like PacketAlarm?

["Miles Carpenter" <miles_carpenter () hotmail com>]

> Hi,
> has anybody of you any experience with PacketAlarm or other
snort-based IDS?
> I have tried the trial version of PacketAlarm and now I'm interested
in other
> snort-based IDS and what other people think about it.
>
> Eduardo Rodrigue
I know 2 products, Sourcefire and PacketAlarm. The advantage of these
kind of products is that you don't need to worry about patches and
updates for operating system, middleware like webserver, database,
snort, ... Mostly they have much more features than pure snort
(especially PacketAlarm). Because of the above and the easy
configuration it is from a commercial point of view better to use
PacketAlarm or Sourcefire than pure snort.
The difference between PacketAlarm and Sourcefire is first of all the
pricing. PacketAlarm costs < 5.000 Euro, Sourcefire I think $20.000 for
the manager and $10.000 for the sensor. PacketAlarm is very powerful and
has a really nice user interface with a sophisticated rule-editor and
event viewer. Compared to PacketAlarm Sourcefire is close by the native
snort configuration files. So the user needs more knowledge about the
snort configuration options.
Ciao
Miles Carpenter

_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online  
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963



-------------------------------------------------------
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users