[Snort-users] plz help

Matt Schillinger mschilli at ...8937...
Wed Apr 23 09:51:23 EDT 2003


Snort is a NIDS, Prelude is a HIDS framework (that includes a NIDS)..
Snort is great, but the snort developers are not claiming that it is the
only piece to the IDS puzzle. 

The power of Prelude IDS is its ability to centralize security data..
It is more than a NIDS, and HIDS.. It is a framework system for
centralizing all NIDS and HIDS data together, and viewing it from a
single location/frontend.  There is work being done now to add
countermeasure functionality to Prelude by the maker of SnortSAM.. 

Actually, the following tools can be made to log to a Prelude central
system for viewing..

Prelude-NIDS
Snort (up to 2.0.0) - can send to Prelude w/ patch.
Firestorm NIDS
Prelude-LML - Log monitor that searches for security-oriented strings..
  It also can act as a syslog server so that logs can be centralized.
  It also is able to perform file modification monitoring.
Honeyd - Honeyd honeypot can send reports to Prelude w/ patch
Nessus - can send info w/ patch.
Nagios - send status changes w/ patch

Not trying to preach, but those are facts.. 


Matt Schillinger 
mschilli at ...8937... 


On Wed, 2003-04-23 at 09:06, Tantravahi Venkata Aditya wrote: 
> As an NIDS I think it has
> less features than Snort
> Well it is just my first impression, I have it
> but I never really used it for work...
> 
> 
> 
> On Tue, 22 Apr 2003 22:29:15 -0700 (PDT)
> smitha rao <meetsmithahv at ...131...> wrote:
> 
> > hi all
> >  I have installed Snort and am interested in testing it..
> > I heard of another IDS called Prelude which is a
> > hybrid IDS includes both host based and NIDS..but I
> > wanted to know whether the Prelude is good as NIDS than
> > Snort..how their performance varies..and if Prelude is
> > good thats why?
> >     plz.. help me..
> >              Thank you
> > 
> > 
> > 
> > 
> > -------------------------------------------------------
> > This sf.net email is sponsored by:ThinkGeek
> > Welcome to geek heaven.
> > http://thinkgeek.com/sf
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 
> -- 
> ______________________________________________
> Tantravahi Venkata Aditya
> Master's student in Applied Computing
> Instituto Nacional de Pesquisas Espacias (INPE)
> Laboratorio Associado de Computacao e Matematica Aplicada (LAC)
> Grupo de Redes e Seguranca de Sistemas da Informacao
> www.lac.inpe.br
> Personal page:
> http://www.tantravahi.com
> 
> 





