Snort mailing list archives
Building IDS / IPS on existing Elasticsearch cluster using Snort
From: Shivkumar Mallesappa via Snort-users <snort-users () lists snort org>
Date: Wed, 18 Apr 2018 18:17:44 +0530
I am new to this technology (Snort). I have a basic one-line understanding that it is an open source IDS (correct me if I am wrong). I have some experience with the ELK stack. I have my Elasticsearch cluster ready with around 50 GB of data. My question is, can I use Snort on my current Elasticsearch cluster as an IDS? Basically I have parsed my logs and they are stored in Elasticsearch with some fields like IP, GEO_LOCATION (city name), etc., so can I use Snort to read my current Elasticsearch cluster data and notify me if a suspicious activity/record is found? If not Snort, is there any other open source tool available to achieve the above use case? I hope I am clear with my query. Thank you.