Snort mailing list archives
Re: Snorby usage
From: Doug Burks <doug.burks () gmail com>
Date: Wed, 5 Nov 2014 17:26:26 -0500
Hi Pradeep,

Replies inline.

On Wed, Nov 5, 2014 at 4:51 PM, Pradeep Mocherla <saipradeep7 () gmail com> wrote:
Hi, I'm new to Snorby. I'm doing a project where I need to create 3 machines to be installed in a virtual box: one for attacking, one more for observing and the other one as a victim. Now I'm using Security Onion for observing attacks, Kali Linux to attack and again Linux as a victim. Now I have a few doubts regarding usage of Snorby in Security Onion. How do I set the IDS to monitor the victim IP address, that is, the Linux address, i.e. where do I need to change the setting?
Please see:
https://code.google.com/p/security-onion/wiki/PostInstallation

"If you’re monitoring IP address ranges other than private RFC1918 address space (192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12), you should update your sensor configuration with the correct IP ranges. Sensor configuration files can be found in /etc/nsm/HOSTNAME-INTERFACE/. Modify either snort.conf or suricata.yaml (depending on which IDS engine you chose during sosetup) and update the HOME_NET variable."
Second one, how do I change the rules to Snorby or view the rules in Snorby?
Please see:
https://code.google.com/p/security-onion/wiki/ManagingAlerts
https://code.google.com/p/security-onion/wiki/AddingLocalRules

If you have further questions or problems relating to Security Onion, please use the security-onion Google Group:
https://code.google.com/p/security-onion/wiki/MailingLists

--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com
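
A way to check whether the victim machine's address is already covered by HOME_NET before editing snort.conf or suricata.yaml, as an added example that is not part of the original post or of Security Onion. The sample configs and addresses are constructed, `parse_home_net` and `is_monitored` are hypothetical helper names, and only flat lists are handled (no nested lists or `$VAR` references).

```python
import ipaddress
import re

# Constructed sample configs (not from a real sensor). Syntax follows
# Snort 2.9 (ipvar/var) and Suricata (vars: address-groups: HOME_NET).
SNORT_CONF = """\
# Setup the network addresses you are protecting
ipvar HOME_NET [192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]
ipvar EXTERNAL_NET !$HOME_NET
"""
SURICATA_YAML = """\
vars:
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
    EXTERNAL_NET: "!$HOME_NET"
"""

# Matches "ipvar HOME_NET <value>", "var HOME_NET <value>" and "HOME_NET: <value>".
_HOME_NET = re.compile(r'^\s*(?:(?:ip)?var\s+HOME_NET\s+|HOME_NET:\s*)(.+?)\s*$', re.M)

def parse_home_net(config_text):
    """Return (included, excluded) network lists, or None if HOME_NET is 'any'."""
    match = _HOME_NET.search(config_text)
    if match is None:
        raise ValueError("HOME_NET is not defined")
    value = match.group(1).strip('"\'')
    if value == "any":
        return None
    included, excluded = [], []
    for item in value.strip("[]").split(","):
        item = item.strip()
        if not item:
            continue
        target = excluded if item.startswith("!") else included
        # Unsupported syntax (nested list, $VAR) raises ValueError here.
        target.append(ipaddress.ip_network(item.lstrip("!"), strict=False))
    return included, excluded

def is_monitored(config_text, host):
    """True if `host` falls inside HOME_NET as defined in the config text."""
    nets = parse_home_net(config_text)
    if nets is None:  # "any" covers every address
        return True
    addr = ipaddress.ip_address(host)
    included, excluded = nets
    return any(addr in n for n in included) and not any(addr in n for n in excluded)
```

A victim VM on an RFC1918 address is already inside the default HOME_NET shown in the sample; a `False` result means HOME_NET in /etc/nsm/HOSTNAME-INTERFACE/ needs the victim's range added.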