[Snort-users] snort and ACID

Steve Hutchins Steve.Hutchins at ...277...
Mon Jan 29 22:15:12 EST 2001


I am setting up several snort sensors reporting to an
ACID console. These will be monitored 24/7.
In order to reduce the number of callouts (I already
have the sensor noise down as far as I want to go), I
need to implement some intelligence on the ACID
console that will do the following:

- classify the event (high or low)
- be triggered (somehow) by event update.
- at predefined times analyse the received events and
  do some pattern matching and produce a report.

Before I jump into this, has anyone done something like
this already?
My ACID console is using mysql (because I've used it before
and it's free), but from reading the latest notes on it,
it doesn't support triggers or stored procedures, so I guess
I might have to go for some other D/B (anything but Oracle!).

Another requirement I have is that, due to the possible number of
sensors (might be up to 36 across New Zealand), the management
of the snort policy (rules file) will need tailoring and
dispensing from a single point (hey, why not use the ACID console?).
Has anyone been down this track of automating policy versions
across multiple sensors?

TIA
Steve Hutchins
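One way to get the classify/trigger/report behaviour without database triggers is to poll the ACID tables on a per-sensor high-water mark. This is an added example, not code from the thread: it uses an in-memory SQLite stand-in with constructed rows in place of the MySQL console, assumes the Snort DB schema's sensor/signature/event tables, and treats Snort priority 1 or 2 as "high" (an assumed threshold).

```python
import sqlite3
from collections import Counter

def build_sample_db():
    """Constructed stand-in for the ACID/Snort MySQL tables (same table and column names)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
      CREATE TABLE sensor (sid INTEGER PRIMARY KEY, hostname TEXT);
      CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT, sig_priority INTEGER);
      CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT,
                          PRIMARY KEY (sid, cid));
    """)
    db.executemany("INSERT INTO sensor VALUES (?, ?)", [(1, "akl-sensor"), (2, "wlg-sensor")])
    # constructed signature rows: priority 1 is the most severe in Snort
    db.executemany("INSERT INTO signature VALUES (?, ?, ?)",
                   [(10, "sample port scan", 3), (11, "sample web attack", 1)])
    db.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", [
        (1, 1, 10, "2001-01-29 22:00:00"), (1, 2, 11, "2001-01-29 22:01:00"),
        (2, 1, 10, "2001-01-29 22:02:00"), (2, 2, 11, "2001-01-29 22:03:00"),
        (2, 3, 11, "2001-01-29 22:04:00")])
    return db

def classify(priority):
    """Assumed mapping: Snort priority 1-2 is a callout ("high"), anything else is "low"."""
    return "high" if priority <= 2 else "low"

def poll_new_events(db, watermarks):
    """Return (sid, cid, sig_name, priority) rows newer than each sensor's last-seen cid.
    watermarks maps sid -> last cid and is advanced in place, so repeated polls
    only see events that arrived since the previous run (no trigger needed)."""
    rows = []
    for (sid,) in db.execute("SELECT sid FROM sensor"):
        last = watermarks.get(sid, 0)
        for sid_, cid, name, prio in db.execute(
                "SELECT e.sid, e.cid, s.sig_name, s.sig_priority FROM event e "
                "JOIN signature s ON s.sig_id = e.signature "
                "WHERE e.sid = ? AND e.cid > ? ORDER BY e.cid", (sid, last)):
            rows.append((sid_, cid, name, prio))
            watermarks[sid] = cid
    return rows

def report(rows):
    """Periodic report: counts per (sensor, class, signature) plus the callout signatures."""
    counts = Counter((sid, classify(p), name) for sid, _, name, p in rows)
    callouts = sorted({name for _, _, name, p in rows if classify(p) == "high"})
    return {"counts": dict(counts), "callouts": callouts}
```

Run poll_new_events on a schedule (e.g. cron) and persist the watermarks between runs; the report for a 24/7 desk is then only the "high" callouts plus the per-sensor counts.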
