RE: Appliances using free software

["Eric Hines" <eric.hines () appliedwatch com>]

Maybe someone from ISS or someone who uses Site Protector here can jump in,
perhaps ISS doesn't support Snort alerts.. but I do know they allow you to
use Snort signatures but was told by an ISS sales rep once upon a time ago
that they can't guarantee the performance anymore when using them. Looking
at the ISS site, I don't see anything on that anymore -- perhaps they killed
it? 

Anyone here use it and can say for sure if it supports Snort alerts or not?
I do agree with Paul though, you can not manage Snort from Site Protector.




Best Regards,

Eric Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC
1095 Pingree Rd.
Suite 213
Crystal Lake, IL 60014
Tel: (877) 262-7593 e:327
Fax: (877) 262-7593
Mob: (847) 456-6785
Web: http://www.appliedwatch.com
----------------------------------------------------------------------------
- 
Enterprise Snort Management at http://www.appliedwatch.com.
Security Information Management for the Open Source Enterprise.
----------------------------------------------------------------------------
-



-----Original Message-----
From: Paul Schmehl [mailto:pauls () utdallas edu] 
Sent: Thursday, August 11, 2005 3:52 PM
To: Jeff Dell; 'Eric Hines'; 'Gutemberg A. Vieira';
snort-users () lists sourceforge net
Subject: RE: [Snort-users] Appliances using free software

--On Thursday, August 11, 2005 16:10:04 -0400 Jeff Dell
<jdell () activeworx com> wrote:

> I thought we were done with the marketing on this list...
>
> > Unlike Sourcefire, we allow you to use the free, open source version 
> > of Snort instead of requiring our appliance purchase.
>
> Before you say what a competitor can or can't do in a public forum you 
> should really check to see if it is true.
>
> From: http://www.sourcefire.com/products/is_agent.html
>
> The Sourcefire Intrusion Agent allows open source Snort users to do 
> more than just detect intrusions; it enables a single Sourcefire 
> Defense Center to aggregate event information from one or more Snort 
> sensors alongside data from Sourcefire Intrusion Sensors and Sourcefire
RNA sensors.
>
Well, yeah, but *his* question was, "It is possible to manage snort agents
IDS/IPS using a ISS console?"

The "ISS console" he refers to is Site Protector, and I doubt seriously that
you can manage snort sensors with it.

However, you *might* be able to integrate the *data* from snort sensors into
the Site Protector interface.  I don't know that for certain, so you'd have
to check the docs.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users