[Snort-users] Snort rules from a database?
ken.robinson at ...1563...
Wed Jan 9 11:57:06 EST 2002
We now have cool stuff like logging to an SQL database from multiple sensors
and monitoring the results from a web interface like ACID.
How about storing the Snort rules in an SQL database as well? Then you
could have all your snort sensors pick up the rules that they need. You
could put an identifier column in the database to let the sensors know
which rules are generic and which are specific to a sensor. Add a web
front end to this, and now you've got a full easy to use package. You
might want to do something that would provide a local cache of the rules
just in case you were cut off from your database (just like you'd log to a
local filesystem and the database for such a problem).
Is this a good idea?
Has anything like this been done?
More information about the Snort-users