[Snort-users] ACID and SnortReport Questions

Ibarra, Michael m.ibarra at ...7065...
Thu Oct 3 08:12:06 EDT 2002


Yes, but the email that is sent is pretty much useless to the
receiver; it doesn't give any additional data like the email
below. What would be a great feature is something that pulls
all relevant information, i.e. src ip, dst ip and number of
alerts with start-end dates. Yes, I know that this is a lot
to ask for, but this is what would set SNORT far ahead of
other packages. I do not know how many people on this list
actually send reports on a daily basis, I do, and it blows.

-mike
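The per-pair summary Mike asks for (src ip, dst ip, alert count, first and last alert time) can be produced from Snort's alert_fast output with a short script. This is an added example, not code from the thread, ACID or SnortReport; the alert lines are constructed samples and the fast-format layout is assumed from Snort's documented alert_fast plugin.

```python
import re
from typing import Dict, Tuple

# Constructed alert_fast lines (not real alerts); layout follows Snort's alert_fast output plugin.
SAMPLE_ALERTS = """\
10/03-08:01:12.103344  [**] [1:1000001:1] CONSTRUCTED WEB-MISC probe [**] [Classification: Web Application Attack] [Priority: 2] {TCP} 10.0.0.5:33120 -> 192.168.1.20:80
10/03-08:01:15.440001  [**] [1:1000001:1] CONSTRUCTED WEB-MISC probe [**] [Classification: Web Application Attack] [Priority: 2] {TCP} 10.0.0.5:33121 -> 192.168.1.20:80
10/03-08:02:30.000120  [**] [1:1000002:1] CONSTRUCTED SCAN portsweep [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.9:5555 -> 192.168.1.20:22
10/03-09:15:02.778800  [**] [1:1000001:1] CONSTRUCTED WEB-MISC probe [**] [Classification: Web Application Attack] [Priority: 2] {TCP} 10.0.0.5:33200 -> 192.168.1.20:80
"""

# timestamp [**] [gid:sid:rev] msg [**] ... {proto} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):\d+\] "
    r"(?P<msg>.*?) \[\*\*\] .*?\{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?$"
)

def summarize(text: str) -> Dict[Tuple[str, str], dict]:
    """Group alerts by (src ip, dst ip): count, first/last timestamp, signature names."""
    summary: Dict[Tuple[str, str], dict] = {}
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue  # not an alert_fast line (e.g. blank or truncated); skip it
        key = (m["src"], m["dst"])
        e = summary.setdefault(key, {"count": 0, "first": m["ts"], "last": m["ts"], "sigs": set()})
        e["count"] += 1
        # MM/DD-HH:MM:SS.usec sorts lexically within one calendar year.
        e["first"] = min(e["first"], m["ts"])
        e["last"] = max(e["last"], m["ts"])
        e["sigs"].add(m["msg"])
    return summary

def render(summary: Dict[Tuple[str, str], dict]) -> str:
    """Plain-text table, busiest source/target pair first, suitable for pasting into a report."""
    fmt = "%-15s %-15s %6s  %-22s %-22s  %s"
    lines = [fmt % ("src ip", "dst ip", "alerts", "first", "last", "signatures")]
    for (src, dst), e in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        lines.append(fmt % (src, dst, e["count"], e["first"], e["last"], "; ".join(sorted(e["sigs"]))))
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(summarize(SAMPLE_ALERTS)))
```

Point it at a real alert file (`open("/var/log/snort/alert").read()`) to get the same table for a day's traffic; ACID's database would need a SQL GROUP BY on ip_src, ip_dst instead.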

-----Original Message-----
From: Hicks, John [mailto:JHicks at ...5857...]
Sent: Thursday, October 03, 2002 10:55 AM
To: 'Ibarra, Michael'; Snort Users (E-mail)
Subject: RE: [Snort-users] ACID and SnortReport Questions


Using ACID it's very easy to fire emails off of individual alerts, a
selected list of alerts, or an entire query that is relevant.

cheers,
John

-----Original Message-----
From: Ibarra, Michael [mailto:m.ibarra at ...7065...]
Sent: Thursday, October 03, 2002 10:45 AM
To: 'Snort Users List' (E-mail)
Subject: [Snort-users] ACID and SnortReport Questions


Hello:

I've recently used SHADOW and was very impressed with its ability
to create a report based on src ip, dest ip, port, traffic type, etc. This
report was especially helpful for delivery to ISPs and such, not that
they do much without some legal threats. What I see lacking in both
ACID as well as snortreport is this functionality, or have I missed
something?

Here is a sample of what the Shadow report looks like:

                  Company-NAME - Network Security Division
                            Network Detection Report

                               Phone 212-555-1212

Company-NAME Intrusion Detection Report No.: Company-NAME-IDR20021003.2

   1. Report Date: Thu Oct 03, 2002 - 10:40:23
   2. Incident Date: 
   3. Type of Incident: Informational Report
   4. Individuals Involved: 
         Source: 
         Target(s):   Site: Company-NAME
   5. Cost of this Incident: No Downtime.
   6. Summary of Incident and Investigation Results: 



***** End of Company-NAME Intrusion Detection Report No.: ### *****


