Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Demark PureSecure questions

From: "Nick Duda" <nduda () VistaPrint com>
Date: Fri, 5 Mar 2004 06:51:22 -0500
As I wrote to Sam directly, Puresecure sucks. At least when they offered
the free "non commercial" version about 6-7 months ago. Why do i think
it sucks? well its a snort box , so it does the job, and it has a decent
interface....i think it sucks because of how puresecure hacked the
traditional snort configuration up. Getting any normal snort add on or
even doing basic configuration outside of the puresecure interface is
horrible. Puresecure reads/merges the .rules into the snort.conf in the
MySQL DB. This gave me numerous problems if I wanted to do any type of
automated rule updates and script updates. I was always forced to modify
the DB temp file , export the DB , make changes and restart the app. The
only thing thats going for PureSecure is the interface....
its...well.... pretty (and thats all). However, I for one dont sit at a
gui console watching stuff. I mean i have ACID going but purely for
statistics. All other alerting and the likes I have dont via console or
email. The cost to run PureSecure commericaly is huge also, when you can
do the same thing with building it yourself. Also rule updating is only
allowed via puresecure interface.... good luck trying to implement the
current rules from snort.org directly if you run modified rulesets. 
 
- Nick

  _____  

From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ridlon,
Michael
Sent: Thursday, March 04, 2004 2:15 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Demark PureSecure questions


Hate to tell you this Sam, but no one on here knows anything about
Puresecure.  I asked a question about it a few weeks ago and all I got
was a smartass reply.
Good luck,
Mike


On Thu, 2004-03-04 at 11:14, sam () neuroflux com wrote: 

        Hello all.  I am currently evaluating the Demarc Puresecure
product, which
        appears to be a full featured centralized maangement interface
for Snort.
        
        I was wondering if anyone else out there is using the product in
a
        production environment, and if so, what are your experiences
with it?
        
        Thanks!
        
        -Sam
        
        
        
        -------------------------------------------------------
        This SF.Net email is sponsored by: IBM Linux Tutorials
        Free Linux tutorial presented by Daniel Robbins, President and
CEO of
        GenToo technologies. Learn everything from fundamentals to
system
        
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
<http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click> 
        _______________________________________________
        Snort-users mailing list
        Snort-users () lists sourceforge net
        Go to this URL to change user options or unsubscribe:
        https://lists.sourceforge.net/lists/listinfo/snort-users
<https://lists.sourceforge.net/lists/listinfo/snort-users> 
        Snort-users list archive:
        http://www.geocrawler.com/redir-sf.php3?list=snort-users
<http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Previous By Date Next
Previous By Thread Next

Current thread: