[Snort-users] ACID with 2 archive databases?
matias at ...7932...
Tue Jan 7 07:06:06 EST 2003
Well, the need is there for sure; being able to work with "n" databases
is definitely something nice to have.
Not only for your needs, but a typical 3-tier (n-tier) inspection of
alerts is something nice to have in large deployments.
I'll be glad to hear of any developments in this area.
Matías Bevilacqua Trabado
PGP Fingerprint: 9FA3 06A1 3CAE 5996 1716 D9DF 3CE7 E88D 3FFD 6E18
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Michael
> Sent: Tuesday, 07 January 2003 15:31
> To: snort-users at ...382...
> Subject: [Snort-users] ACID with 2 archive databases?
> I'm using Snort 1.9.0 with ACID v0.9.6b22. I created an
> archive database and use the ACID function to move the true
> alerts to the archive.
> All my charts and history come from the archive database. The
> false positives stay in the snort database, because I don't
> want to delete them. Sometimes I'm not sure if an alert is a
> false positive, and sometimes I need to check an old alert a
> second time. The problem is that we sometimes have more than
> one person working on the alerts in the snort database, and
> that is very difficult with thousands of old alerts in this
> database. Is it possible to use ACID with a second archive
> database (archive2) where we can move the false positives to,
> so that we have a snort database with only the new,
> unexamined alerts? We want to move the true alerts to the
> archive1 database and the false positives to the archive2
> database. Has anyone done something like this or have a need
> for it too?
> Any ideas?
> Thanks for your help,
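The move Michael asks for, done by hand against a second archive database, as an added example that is not code from the thread, from ACID or from Snort. It assumes (my assumptions, not stated on the page) that the live database is called `snort` and the second archive `archive2`, that both were created with Snort's create_mysql script so their tables have identical columns and alerts are keyed by (sid, cid), that reviewers tag false positives by putting them into an ACID alert group named 'false-positive' (ACID's acid_ag / acid_ag_alert tables), and that ACID's acid_event cache table exists in both databases. MySQL syntax, written with JOINs rather than subqueries so it also runs on the MySQL 4.0 installs of the period.

```sql
-- Constructed example (not code from the thread, ACID or Snort): move every
-- alert tagged as a false positive from the live `snort` database into a
-- second archive database `archive2`, leaving only unexamined alerts behind.
-- Assumed names: databases snort / archive2, alert group 'false-positive'.
-- Run as a MySQL user with SELECT/INSERT/DELETE rights on both databases.

-- 1. Freeze the list of (sid, cid) pairs to move, so every step below works
--    from the same set even if new alerts arrive while this runs.
CREATE TEMPORARY TABLE to_move (
  sid INT UNSIGNED NOT NULL,
  cid INT UNSIGNED NOT NULL,
  PRIMARY KEY (sid, cid)
);
INSERT INTO to_move (sid, cid)
  SELECT aga.ag_sid, aga.ag_cid
  FROM snort.acid_ag_alert aga
  JOIN snort.acid_ag ag ON ag.ag_id = aga.ag_id
  WHERE ag.ag_name = 'false-positive';

-- 2. Copy the sensor and signature rows the events refer to, keeping the
--    same ids so event.sid and event.signature stay valid in archive2.
--    INSERT IGNORE skips ids that archive2 already holds.
INSERT IGNORE INTO archive2.sensor
  SELECT DISTINCT s.* FROM snort.sensor s
  JOIN to_move m ON m.sid = s.sid;
INSERT IGNORE INTO archive2.signature
  SELECT DISTINCT sg.* FROM snort.signature sg
  JOIN snort.event e ON e.signature = sg.sig_id
  JOIN to_move m ON m.sid = e.sid AND m.cid = e.cid;

-- 3. Copy the alerts themselves: the event row plus every per-packet table
--    keyed by (sid, cid). Copy first and delete last, so an interruption
--    leaves duplicates to clean up rather than lost alerts.
INSERT INTO archive2.event
  SELECT t.* FROM snort.event t JOIN to_move m ON m.sid = t.sid AND m.cid = t.cid;
INSERT INTO archive2.iphdr
  SELECT t.* FROM snort.iphdr t JOIN to_move m ON m.sid = t.sid AND m.cid = t.cid;
INSERT INTO archive2.tcphdr
  SELECT t.* FROM snort.tcphdr t JOIN to_move m ON m.sid = t.sid AND m.cid = t.cid;
INSERT INTO archive2.udphdr
  SELECT t.* FROM snort.udphdr t JOIN to_move m ON m.sid = t.sid AND m.cid = t.cid;
INSERT INTO archive2.icmphdr
  SELECT t.* FROM snort.icmphdr t JOIN to_move m ON m.sid = t.sid AND m.cid = t.cid;
INSERT INTO archive2.opt
  SELECT t.* FROM snort.opt t JOIN to_move m ON m.sid = t.sid AND m.cid = t.cid;
INSERT INTO archive2.data
  SELECT t.* FROM snort.data t JOIN to_move m ON m.sid = t.sid AND m.cid = t.cid;
-- ACID's denormalised cache row for each alert (assumed present in both DBs).
INSERT INTO archive2.acid_event
  SELECT t.* FROM snort.acid_event t JOIN to_move m ON m.sid = t.sid AND m.cid = t.cid;

-- 4. Check before destroying anything: `copied` must equal `wanted`.
SELECT COUNT(*) AS wanted FROM to_move;
SELECT COUNT(*) AS copied
  FROM archive2.event a JOIN to_move m ON m.sid = a.sid AND m.cid = a.cid;

-- 5. Only then remove the moved alerts from the live database, including
--    ACID's own group membership and cache rows. Children first, event last.
DELETE snort.data FROM snort.data
  JOIN to_move m ON m.sid = snort.data.sid AND m.cid = snort.data.cid;
DELETE snort.opt FROM snort.opt
  JOIN to_move m ON m.sid = snort.opt.sid AND m.cid = snort.opt.cid;
DELETE snort.icmphdr FROM snort.icmphdr
  JOIN to_move m ON m.sid = snort.icmphdr.sid AND m.cid = snort.icmphdr.cid;
DELETE snort.udphdr FROM snort.udphdr
  JOIN to_move m ON m.sid = snort.udphdr.sid AND m.cid = snort.udphdr.cid;
DELETE snort.tcphdr FROM snort.tcphdr
  JOIN to_move m ON m.sid = snort.tcphdr.sid AND m.cid = snort.tcphdr.cid;
DELETE snort.iphdr FROM snort.iphdr
  JOIN to_move m ON m.sid = snort.iphdr.sid AND m.cid = snort.iphdr.cid;
DELETE snort.acid_event FROM snort.acid_event
  JOIN to_move m ON m.sid = snort.acid_event.sid AND m.cid = snort.acid_event.cid;
DELETE snort.acid_ag_alert FROM snort.acid_ag_alert
  JOIN to_move m ON m.sid = snort.acid_ag_alert.ag_sid AND m.cid = snort.acid_ag_alert.ag_cid;
DELETE snort.event FROM snort.event
  JOIN to_move m ON m.sid = snort.event.sid AND m.cid = snort.event.cid;

DROP TEMPORARY TABLE to_move;
```

The script deliberately mirrors what the ACID archive button does for its single configured archive (copy the event and its dependent rows, then delete from the source), with the one difference that the target is chosen by you rather than by the archive_* settings in acid_conf.php. Because the tables of that era are MyISAM and there is no transaction to roll back, the copy is done and counted before any DELETE runs, and a mismatch in step 4 means stop and investigate rather than proceed. After the move, point a copy of ACID at archive2 and, if its summary pages look stale, rebuild its alert cache from the maintenance page before relying on the charts.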