[Snort-users] ACID and SnortReport Questions

Ibarra, Michael m.ibarra at ...7065...
Thu Oct 3 07:46:09 EDT 2002


Hello:

I've recently used SHADOW and was very impressed with its ability
to create a report based on src ip, dest ip, port, traffic type, etc. This
report was especially helpful for delivery to ISPs and such, not that
they do much without some legal threats. What I see lacking in both
ACID as well as snortreport is this functionality, or have I missed
something? 

Here is a sample of what the Shadow report looks like:

                  Company-NAME - Network Security Division
                            Network Detection Report

                               Phone 212-555-1212

Company-NAME Intrusion Detection Report No.: Company-NAME-IDR20021003.2

   1. Report Date: Thu Oct 03, 2002 - 10:40:23
   2. Incident Date: 
   3. Type of Incident: Informational Report
   4. Individuals Involved: 
         Source: 
         Target(s):   Site: Company-NAME
   5. Cost of this Incident: No Downtime.
   6. Summary of Incident and Investigation Results: 



***** End of Company-NAME Intrusion Detection Report No.: ### *****




