[Snort-users] Rule Management for Snort

Mark Vevers mark at ...5096...
Tue Feb 26 07:56:10 EST 2002


Hi,

For those of you who use ACID and have alternative monitoring arrangements
to Demarc for your network, but would like centralized rule management
for Snort I have written a small PHP addon - RuleMANagaer for Snort:

Main Features:
    Multiple Sensors with different rule sets (managed by rule group).
    Ruleset merging from latest snort rules or your own rulesets.
    Automatic sensor update and snort-restart.
    Rule Editing and Creation.
    Uses central snort MySQL Database.
    Open Source GPL License.

The software is currently at 0.0.2 alpha stage, but is used in a real live
environment to control a group of sensors.

    URL: http://rman.sourceforge.net
    Project URL : http://sourceforge.net/projects/rman

The next stage is to add variable management and rule filters to allow
sensors to pick up their variables from the db and vary them by
sensor-rulegroup combinations.

If you want to contribute to the project please let me know.  Any comments
etc. welcome.   The more feedback I get the more I'll work on the code!
I hope some people may find it of use.

Regards,

Mark Vevers

-- 
Mark Vevers.    mark at ...5096... / mvevers at ...5097...
Internet Backbone Engineering Team
Internet for Learning, Research Machines Plc
Tel: +44 1235 823380,   Fax: +44 1235 823424






More information about the Snort-users mailing list