Snort mailing list archives
Re: snort installation and usage
From: waldo kitty <wkitty42 () windstream net>
Date: Sat, 18 Jan 2014 19:57:48 -0500
On 1/18/2014 1:48 PM, Adrian Sevcenco wrote:
> This confirmation is enough :) Thanks!
you are welcome ;)
> OTOH, how do you use snort? is there a GUI of some kind that can be a direct visual interface for the snort data? (without the intermediate database?)
no... our operation reads snort's default ALERT file directly and issues automatic firewall blocking commands based on our app's configuration and the alert's level of severity... as with any other security setup, this requires tuning for one's network and its traffic... in our setup, the only human interaction is to white list IPs or rules by GID/SID or whole entire GID groups... for our users that have the time to perform the necessary tuning, this works great... for those that don't have the time to tune or don't have the time to learn what's needed to know to decide what method to use to tune (eg: you can white list by IP, SID or GID and each can be done in one of several places which give different benefits or drawbacks), it can be a bit of a hassle and lead to quite some complaints due to a lack of understanding...

our app is not something that you set and forget... it requires human tuning for the first "while" of use... "while" may be days or months... it is generally not something that a support service can offer unless they can get intimate with their clients' networks and stay intimate with that network until the tuning is done...

--
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless private contact is specifically requested and granted.
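The flow described in the reply above (read the alert file, apply whitelists by IP, GID or GID:SID, then act on severity), as an added Python sketch that is not the poster's application. It assumes Snort's one-line alert_fast layout; the policy values, function names and sample alerts are constructed, and it only returns block candidates without running any firewall command.

```python
import ipaddress
import re
# Assumed input: Snort's one-line alert_fast layout (IPv4 only in this sketch).
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{[^}]+\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+\d"
)

POLICY = {  # hypothetical policy, not the poster's configuration
    "max_priority": 2,  # act on priority 1..2; in Snort, 1 is the most severe
    "allow_nets": [ipaddress.ip_network("192.0.2.0/24")],  # never block own hosts
    "allow_gids": {129},                                   # a whole GID group
    "allow_sigs": {(1, 1000002)},                          # one rule by GID:SID
}

def decide(line, policy=POLICY):
    """Return (action, reason, source_ip) for one alert line."""
    m = ALERT_RE.search(line)
    if m is None:
        return ("skip", "unparsed", None)  # never block on input we cannot parse
    gid, sid, prio = int(m["gid"]), int(m["sid"]), int(m["prio"])
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:                     # e.g. an octet above 255
        return ("skip", "bad-ip", None)
    if any(src in net for net in policy["allow_nets"]):
        return ("pass", "ip-whitelist", str(src))
    if gid in policy["allow_gids"]:
        return ("pass", "gid-whitelist", str(src))
    if (gid, sid) in policy["allow_sigs"]:
        return ("pass", "sid-whitelist", str(src))
    if prio > policy["max_priority"]:
        return ("pass", "below-severity", str(src))
    return ("block", f"{gid}:{sid} priority {prio}", str(src))

def block_candidates(text, policy=POLICY):
    """Sorted, de-duplicated source IPs that the policy would block."""
    results = (decide(line, policy) for line in text.splitlines())
    return sorted({ip for act, _, ip in results if act == "block"}, key=ipaddress.ip_address)

# Constructed sample alerts (documentation address ranges, made-up SIDs).
SAMPLE = """\
01/18-19:57:48.000001  [**] [1:1000001:1] constructed scan rule [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:40000 -> 192.0.2.10:22
01/18-19:57:49.000002  [**] [1:1000002:1] constructed noisy rule [**] [Classification: Misc activity] [Priority: 1] {TCP} 203.0.113.8:40001 -> 192.0.2.10:80
01/18-19:57:50.000003  [**] [129:12:1] constructed preprocessor event [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.9:40002 -> 192.0.2.10:443
01/18-19:57:51.000004  [**] [1:1000003:1] constructed outbound rule [**] [Classification: Misc activity] [Priority: 1] {UDP} 192.0.2.10:53 -> 198.51.100.3:5353
01/18-19:57:52.000005  [**] [1:1000004:1] constructed info rule [**] [Priority: 3] {ICMP} 203.0.113.10 -> 192.0.2.10
"""
```

Each `pass` reason names which whitelist or threshold suppressed the block, which is the information needed during the tuning period the reply describes.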