[Snort-users] Re: Snort Wizard coming soon!

Alex Rodrigues alex at ...3156...
Tue Nov 27 06:03:06 EST 2001


I'm working on PHP-based software to:
- manage my snort
- manage rules
- autoupdate rules (like Symantec LiveUpdate)
- Rules import/export
- Rules edit using web
- Rules merge
- Rules discard (false positive minimizer)
- snort.conf user-friendly editor
- classification file editor (user-friendly)
- rules and rules files organizer
- multiple snort sensors

It will be called "Snort Wizard" and should be available in 3 months, I guess.

Thanks.
Alex




----- Original Message -----
From: "Jason Lewis" <jlewis at ...2449...>
To: "'Jeff Dell'" <jdell at ...1095...>;
<snort-users at lists.sourceforge.net>
Sent: Tuesday, November 27, 2001 10:25 AM
Subject: RE: [Snort-users] Rule management


I misspoke and I apologize.  I was thinking about IDS Policy Manager and typed
IDScenter.  I have used it and it is handy.

My problem is Win2k.  Heh.  Jeff, how about a Linux version?  Or even
something web-based?

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure".
The people at the other end of the link know less
about security than you do. And that's scary.




-----Original Message-----
From: Jeff Dell [mailto:jdell at ...1095...]
Sent: Tuesday, November 27, 2001 7:05 AM
To: jlewis at ...2449...; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Rule management



I have been working on a tool that does just this: IDS Policy Manager
www.activeworx.com. It does complete rule management for Snort. Yes,
this tool does reside on Windows 2k, but it handles rules for really any
OS. One thing it doesn't presently have is automatic rule update. But it
does everything else. If that is something that is in high demand, it
should be easy enough to do.

To be honest with you, I watch how often the CVS rules get updated and
it only happens about once a week. If you modify your IDS sensors more
than once a week, it is easy enough to just click a button to merge in
the new rules as you are modifying them. This way you know exactly which
rules were merged in and if you really want them enabled or not. I
personally have a hard time just updating the policy without me knowing
what changes have been made.

Jeff


> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of
> Jason Lewis
> Sent: Tuesday, November 27, 2001 6:34 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Rule management
>
>
> I was thinking about all the requests for automatic rule
> updates.  I think this stems from the anti-virus auto update
> features.  The thinking is....the more up to date the sigs
> are, the better off you are.
>
> What we really need is a rule management tool.  IDScenter
> does some of this, but it runs on Win2k.  (You can manage
> Linux sensors too)
>
> Is anyone updating a master rule list and pushing updates to
> sensors?  I have tossed around different ideas for doing this
> and thought maybe I could get some feedback here.  I was
> thinking a directory structure that had folders for each
> sensor and rules were updated automatically via scp. Thoughts?
>
> Jason Lewis
> http://www.packetnexus.com
> It's not secure "Because they told me it was secure".
> The people at the other end of the link know less
> about security than you do. And that's scary.
>
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
>
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
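
Added example, not part of any message in this thread and not code from IDS Policy Manager, IDScenter or Snort Wizard: a reviewed rule merge of the kind discussed above, where upstream rules are merged into a sensor's ruleset and the operator gets a report of exactly what changed. It assumes rules are keyed by their `sid` option and that a disabled rule is one commented out with `#`; the function names and sample rules are constructed for illustration.

```python
import re

# Assumption: rules are keyed by sid; a disabled rule is one commented out with '#'.
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
RULE_RE = re.compile(r"^(#\s*)?((?:alert|log|pass|activate|dynamic)\s.+)$")

# Constructed sample rulesets (not real signatures).
LOCAL = """\
alert tcp any any -> any 80 (msg:"Constructed A"; content:"a"; sid:1000001; rev:1;)
# alert tcp any any -> any 21 (msg:"Constructed B"; content:"b"; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"Constructed local"; sid:1000009; rev:1;)
"""
UPSTREAM = """\
alert tcp any any -> any 80 (msg:"Constructed A"; content:"a2"; sid:1000001; rev:2;)
alert tcp any any -> any 21 (msg:"Constructed B"; content:"b"; sid:1000002; rev:1;)
alert tcp any any -> any 25 (msg:"Constructed C"; content:"c"; sid:1000003; rev:1;)
"""

def parse_rules(text):
    """Return {sid: (enabled, rule_text)} for every rule line that carries a sid."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        sid = SID_RE.search(m.group(2)) if m else None
        if sid:  # blank lines, plain comments and sid-less rules are skipped
            rules[int(sid.group(1))] = (m.group(1) is None, m.group(2))
    return rules

def merge_rules(local_text, upstream_text):
    """Take rule bodies from upstream, keep the local enabled/disabled choice."""
    local, upstream = parse_rules(local_text), parse_rules(upstream_text)
    merged, report = [], {"added": [], "changed": [], "kept_disabled": [], "local_only": []}
    for sid in sorted(upstream):
        up_enabled, up_rule = upstream[sid]
        loc_enabled, loc_rule = local.get(sid, (up_enabled, None))
        if sid not in local:
            report["added"].append(sid)          # new upstream rule, needs review
        elif loc_rule != up_rule:
            report["changed"].append(sid)        # rule body differs from local copy
        if not loc_enabled and up_enabled:
            report["kept_disabled"].append(sid)  # operator's earlier decision wins
        merged.append(up_rule if loc_enabled else "# " + up_rule)
    for sid in sorted(set(local) - set(upstream)):
        enabled, rule = local[sid]
        report["local_only"].append(sid)         # site-specific rule, preserved
        merged.append(rule if enabled else "# " + rule)
    return merged, report

if __name__ == "__main__":
    print(merge_rules(LOCAL, UPSTREAM)[1])
```

The merged list can be written to a per-sensor directory and the report reviewed before the file is pushed to the sensor.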
