Snort mailing list archives

Re: Unified2 questions


From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 27 Apr 2011 14:13:11 -0400

On 4/27/2011 10:22, Lay, James wrote:
> My process for handling snort alerts is:
>
> See the alert in the logs
> Do a whois on the remote IP
> tshark -X the current snort.pcap file matching the remote IP to see the raw
> packet caught

+100

i see that you are a believer in the KISS principle, too :)

> How does unified2 output fit into this type of response? Thanks for any help all.

that's something i dance with, too... especially since my targeted market is a 
SOHO firewall product... we want alerts and possibly active blocking of those 
causing the alerts... all the rest of the fluff'n'stuff is much much too much 
and over the top... i can see that for possibly some monstrous corporate entity 
but way over here in the shallower end of the pool we don't have room for all 
that nor do those running in our sphere want to be burdened with all of that...

yeah, i can just see a single mother of three setting up the firewall package, a 
database server and some diagnostic workstation along with the one or two other 
machines, game consoles and smartphones they may have on their SOHO network... 
riiiiiight...
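As an added example (not code from this thread or from the Snort project), the script below shows how unified2 output can carry the same three manual steps quoted above: it splits a unified2 byte stream into records using the documented big-endian record header, decodes the type 7 IDS event and type 2 packet record, picks the endpoint that is outside a list of local networks as the "remote IP", and emits the whois target, the tshark hex-dump invocation against snort.pcap, and the raw packet bytes Snort already stored next to the event. The sample stream, addresses, sid and network list are constructed values; the commands are returned as argv lists rather than executed so the example runs offline.

```python
import ipaddress
import socket
import struct

# Record types from Snort's unified2 output format (Serial_Unified2_Header: type, length, big-endian).
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7

_HDR = struct.Struct(">II")         # record header: type, length of the body that follows
_EVENT = struct.Struct(">11I2H4B")  # type 7 body: 11 uint32, sport/dport, proto/impact_flag/impact/blocked
_PKT = struct.Struct(">7I")         # type 2 fixed part; followed by packet_length bytes of frame


def parse_unified2(blob):
    """Split a unified2 byte stream into (type, body) records, stopping at a truncated tail."""
    records, off = [], 0
    while off + _HDR.size <= len(blob):
        rtype, rlen = _HDR.unpack_from(blob, off)
        off += _HDR.size
        if off + rlen > len(blob):
            break  # record still being written; a tailing reader would wait for the rest
        records.append((rtype, blob[off:off + rlen]))
        off += rlen
    return records


def decode_event(body):
    """Decode a type 7 IDS event body into the fields needed for triage."""
    f = _EVENT.unpack_from(body)
    return {
        "sensor_id": f[0], "event_id": f[1], "event_second": f[2],
        "sid": f[4], "gid": f[5], "rev": f[6], "priority": f[8],
        "src": socket.inet_ntoa(struct.pack(">I", f[9])),
        "dst": socket.inet_ntoa(struct.pack(">I", f[10])),
        "sport": f[11], "dport": f[12], "proto": f[13], "blocked": f[16],
    }


def decode_packet(body):
    """Decode a type 2 packet record: the stored frame plus the event id it belongs to."""
    f = _PKT.unpack_from(body)
    return {"event_id": f[1], "linktype": f[5], "data": body[_PKT.size:_PKT.size + f[6]]}


def remote_ip(event, local_nets):
    """Return whichever endpoint is outside our own networks (the 'whois on the remote IP' step)."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    for ip in (event["src"], event["dst"]):
        if not any(ipaddress.ip_address(ip) in n for n in nets):
            return ip
    return None


def triage(blob, local_nets, pcap="snort.pcap"):
    """Map each event onto the manual steps: alert line, whois target, tshark invocation, stored packet."""
    events, packets = {}, {}
    for rtype, body in parse_unified2(blob):
        if rtype == UNIFIED2_IDS_EVENT:
            ev = decode_event(body)
            events[ev["event_id"]] = ev  # keyed on event_id only; a full reader also matches sensor_id
        elif rtype == UNIFIED2_PACKET:
            pk = decode_packet(body)
            packets.setdefault(pk["event_id"], []).append(pk["data"])
    results = []
    for eid, ev in events.items():
        rip = remote_ip(ev, local_nets)
        results.append({
            "event": ev,
            "alert": "[%d:%d:%d] %s:%d -> %s:%d proto=%d" % (
                ev["gid"], ev["sid"], ev["rev"], ev["src"], ev["sport"], ev["dst"], ev["dport"], ev["proto"]),
            "remote_ip": rip,
            "whois": ["whois", rip] if rip else None,
            # -x prints hex+ASCII, -Y applies a display filter (older tshark releases use -R)
            "tshark": ["tshark", "-r", pcap, "-x", "-Y", "ip.addr == %s" % rip] if rip else None,
            "packets": packets.get(eid, []),  # the raw packet is already in the unified2 file
        })
    return results


def _ip2int(dotted):
    return struct.unpack(">I", socket.inet_aton(dotted))[0]


def build_sample_stream():
    """Constructed unified2 stream (sample values, not real traffic): one event and its packet."""
    frame = (bytes.fromhex("00112233445566778899aabb0800")  # Ethernet header, IPv4 ethertype
             + struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                           socket.inet_aton("203.0.113.10"), socket.inet_aton("192.168.1.20"))
             + struct.pack(">HHIIBBHHH", 4444, 80, 1, 0, 0x50, 0x02, 8192, 0, 0))  # TCP SYN
    event = _EVENT.pack(1, 17, 1303914131, 0, 2000001, 1, 3, 29, 2,
                        _ip2int("203.0.113.10"), _ip2int("192.168.1.20"), 4444, 80, 6, 0, 0, 0)
    pkt = _PKT.pack(1, 17, 1303914131, 1303914131, 123, 1, len(frame)) + frame
    return (_HDR.pack(UNIFIED2_IDS_EVENT, len(event)) + event
            + _HDR.pack(UNIFIED2_PACKET, len(pkt)) + pkt)


if __name__ == "__main__":
    for r in triage(build_sample_stream(), ["192.168.1.0/24"]):
        print(r["alert"])
        print(" ".join(r["whois"]), "|", " ".join(r["tshark"]))
        print(r["packets"][0].hex())
```

The point for a small deployment is that the packet record (type 2) already holds the bytes one would otherwise go back to snort.pcap for, so a unified2 reader can hand the operator the alert, the remote address and the raw packet in one pass; the tshark command is kept for the case where the surrounding session, not just the triggering packet, is wanted.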

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
