Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort installation and usage

From: waldo kitty <wkitty42 () windstream net>
Date: Sat, 18 Jan 2014 19:57:48 -0500
On 1/18/2014 1:48 PM, Adrian Sevcenco wrote:


This confirmation is enough :) Thanks!


you are welcome ;)


OTOH, how do you use snort? is there a GUI of some kind that can be an
direct visual interface for the snort data? (without the intermediate
database?)


no... our operation reads snort's default ALERT file directly and issues 
automatic firewall blocking commands based on our app's configuration and the 
alert's level of severity... as with any other security setup, this requires 
tuning for one's network and its traffic... in our setup, the only human 
interaction is to white list IPs or rules by GID/SID or whole entire GID groups...

for our users that have the time to perform the necessary tuning, this works 
great... for those that don't have the time to tune or don't have the time to 
learn what's needed to know to decide what method to use to tune (eg: you can 
white list by IP, SID or GID and each can be done in one of several places which 
give different benefits or drawbacks), it can be a bit of a hassle and lead to 
quite some complaints due to a lack of understanding...

our app is not something that you set and forget... it requires human tuning for 
the first "while" of use... "while" may be days or months... it is generally not 
something that a support service can offer unless they can get intimate with 
their clients' networks and stay intimate with that network until the tuning is 
done...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: