Snort mailing list archives

Re: Snorby usage


From: Doug Burks <doug.burks () gmail com>
Date: Wed, 5 Nov 2014 17:26:26 -0500

Hi Pradeep,

Replies inline.

On Wed, Nov 5, 2014 at 4:51 PM, Pradeep Mocherla <saipradeep7 () gmail com> wrote:
Hi, I'm new to Snorby. I'm doing a project where I need to create 3 machines
to be installed in VirtualBox. One for attacking, one more for observing
and the other one as a victim. Now I'm using Security Onion for observing
attacks, Kali Linux to attack and again Linux as a victim. Now I have a few
doubts regarding usage of Snorby in Security Onion.
How to set the IDS to monitor the victim IP address, that is the Linux address,
i.e. where do I need to change the setting?

Please see:
https://code.google.com/p/security-onion/wiki/PostInstallation

"If you’re monitoring IP address ranges other than private RFC1918
address space (192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12), you should
update your sensor configuration with the correct IP ranges. Sensor
configuration files can be found in /etc/nsm/HOSTNAME-INTERFACE/.
Modify either snort.conf or suricata.yaml (depending on which IDS
engine you chose during sosetup) and update the HOME_NET variable."

Second one, how to change the rules to snorby or view the rules in snorby??

Please see:
https://code.google.com/p/security-onion/wiki/ManagingAlerts
https://code.google.com/p/security-onion/wiki/AddingLocalRules

If you have further questions or problems relating to Security Onion,
please use the security-onion Google Group:
https://code.google.com/p/security-onion/wiki/MailingLists


-- 
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com
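A small check that goes with the HOME_NET advice above, added here as an example and not code from this thread or from the Security Onion project: it reads the `ipvar HOME_NET` line out of a snort.conf and reports whether a given victim address actually falls inside the monitored ranges. It assumes Snort 2.x `ipvar` syntax (`any`, a single CIDR, or a bracketed comma-separated list with optional `!` negation of entries); the snort.conf text and the victim addresses are constructed sample values, and `$VARIABLE` references are deliberately not expanded.

```python
import ipaddress
import re

# Constructed sample in the style of a Snort 2.x snort.conf (not copied from any real sensor).
SAMPLE_SNORT_CONF = """\
# Setup the network addresses you are protecting
ipvar HOME_NET [192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]
ipvar EXTERNAL_NET !$HOME_NET
"""


def parse_ipvar(conf_text, name):
    """Return the raw value of the first `ipvar <name> <value>` line, or None if absent."""
    pattern = re.compile(r'^\s*ipvar\s+' + re.escape(name) + r'\s+(\S+)', re.MULTILINE)
    match = pattern.search(conf_text)
    return match.group(1) if match else None


def parse_ip_list(value):
    """Parse a Snort IP list value into (include_networks, exclude_networks, is_any).

    Accepts 'any', a single address or CIDR, or a bracketed comma list; entries
    prefixed with '!' are treated as exclusions. Variable references ($NAME) raise,
    because resolving them needs the rest of the configuration.
    """
    value = value.strip()
    if value == 'any':
        return [], [], True
    if value.startswith('[') and value.endswith(']'):
        value = value[1:-1]
    include, exclude = [], []
    for entry in (e.strip() for e in value.split(',')):
        if not entry:
            continue
        negated = entry.startswith('!')
        entry = entry.lstrip('!')
        if entry.startswith('$'):
            raise ValueError(f"variable reference {entry} is not expanded by this check")
        network = ipaddress.ip_network(entry, strict=False)
        (exclude if negated else include).append(network)
    return include, exclude, False


def ip_in_home_net(ip, home_net_value):
    """True if `ip` is covered by the HOME_NET value; exclusions win over inclusions."""
    include, exclude, is_any = parse_ip_list(home_net_value)
    addr = ipaddress.ip_address(ip)
    if any(addr in network for network in exclude):
        return False
    if is_any:
        return True
    return any(addr in network for network in include)


def check_victim_coverage(conf_text, victim_ips):
    """Map each victim address to whether the sensor's HOME_NET covers it."""
    home_net = parse_ipvar(conf_text, 'HOME_NET')
    if home_net is None:
        raise ValueError("no 'ipvar HOME_NET' line found in the configuration")
    return {ip: ip_in_home_net(ip, home_net) for ip in victim_ips}


if __name__ == '__main__':
    # Constructed victim addresses: one inside a VirtualBox host-only range, one outside RFC1918.
    for ip, covered in check_victim_coverage(SAMPLE_SNORT_CONF, ['192.168.56.101', '203.0.113.10']).items():
        print(f"{ip}: {'covered' if covered else 'NOT covered'} by HOME_NET")
```

Run it against the real file with the conf text read from /etc/nsm/HOSTNAME-INTERFACE/snort.conf; an address that comes back as not covered is one for which HOME_NET-relative rules (those matching on `$HOME_NET`) will not fire, which is the usual reason an "attack" against a lab victim never shows up in Snorby.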

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
