RE: ACID alternatives

["Mitchell, Jason" <jason.mitchell () seattlechildrens org>]

I've been playing around with Activeworx's HSC for the past week or so, and
just installed the demo of their commercial ASC product.  So far I'm really
digging it.  Has anyone been using this for a duration of time?  Any
thoughts/opinions on it as a front-end for Snort?  Before we make any
purchasing decisions, I'd like to see if anyone has run into problems with
it, or if it comes recommended.  Unfortunately, the single-sensor HSC
version (which is free) won't be enough for us, but the ASC might.

Thanks!

Jason


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jeff Dell
Sent: Thursday, August 12, 2004 4:13 PM
To: 'Jeff Schmidt (CACL Tech Asst)'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] ACID alternatives

You can also checkout Honeynet Security Console at www.activeworx.org. It
does a good job up to a few million events on MySQL with minimal hardware.

Jeff

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jeff Schmidt
(CACL Tech Asst)
Sent: Thursday, August 12, 2004 3:28 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] ACID alternatives

Sorry if this is a FAQ, but, can anyone suggest alternatives to ACID for 
analysis of SNORT data? I have a couple problems with ACID. The first 
being scalability. In our deployement of SNORT we seem to pick up 
10k-20k alerts per week. ACID absolutely *crawls* when working on such a 
dataset. Granted, we've got it running on an old low-end box, so I 
recognize that is certainly part of the problem, but ACID just doesn't 
seem to cut it. Also, it appears that ACID is dead. It never reached 1.0 
status, and in fact the last release of ACID was almost 2 years ago.

So, are there any active, open-source projects that are developing 
something similar to ACID but that might, perhaps be a better 
alternative to ACID?

Jeff Schmidt






CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended 
recipient(s) and may contain confidential, proprietary, and/or privileged information protected by law. If you are not 
the intended recipient, you may not use, copy, or distribute this e-mail message or its attachments. If you believe you 
have received this e-mail message in error, please contact the sender by reply e-mail and destroy all copies of the 
original message. 


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users