Snort mailing list archives

Re: snort web interface


From: Paul Halliday <paul.halliday () gmail com>
Date: Wed, 24 Aug 2011 08:02:05 -0300

On Tue, Aug 23, 2011 at 10:03 PM, Jason Meller <jason.meller () gmail com> wrote:
> Alexus,
>
> ...
>
> Squert is a bad ass project in active development. One thing James didn't
> mention though is that it requires SGUIL which utilizes an entirely
> different DB schema than the ones provided by the snort/barnyard2 db output
> plugins. SGUIL requires a bit more expertise to get up and running than your
> standard Snort + front-end solution. If you want to go that route Squert is
> a good SGUIL companion.


Just to expand on this a little:

Squert wasn't designed to be an analyst console (in the typical sense
of the term).  If you are a dedicated analyst or part of a team of
analysts doing weighted FIFO analysis then Squert is definitely not
for you. Squert was created and is being developed to provide an easy
way to look at a whole bunch of data with different views that will
hopefully (ultimately) give you a hint of developing and ongoing
problems, at a glance.

More simply though, it is for people that have been tasked with
security, that aren't really good at security, and only get to spend
20% of their day on security :)

Thanks.

-- 
Paul Halliday
http://www.squertproject.org/
