[Snort-users] Experience with snort-based IDS like PacketAlarm?

Miles Carpenter miles_carpenter at ...125...
Wed Jun 4 23:48:15 EDT 2003


>Hi,
>has anybody of you any experience with PacketAlarm or other
snort-based IDS?
>I have tried the trial version of PacketAlarm and now I'm interested
in other
>snort-based IDS and what other people think about it.
>
>Eduardo Rodrigue
I know 2 products, Sourcefire and PacketAlarm. The advantage of these
kind of products is that you don't need to worry about patches and
updates for operating system, middleware like webserver, database,
snort, ... Mostly they have much more features than pure snort
(especially PacketAlarm). Because of the above and the easy
configuration it is from a commercial point of view better to use
PacketAlarm or Sourcefire than pure snort.
The difference between PacketAlarm and Sourcefire is first of all the
pricing. PacketAlarm costs < 5.000 Euro, Sourcefire I think $20.000 for
the manager and $10.000 for the sensor. PacketAlarm is very powerful and
has a really nice user interface with a sophisticated rule-editor and
event viewer. Compared to PacketAlarm Sourcefire is close by the native
snort configuration files. So the user needs more knowledge about the
snort configuration options.
Ciao
Miles Carpenter

_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online  
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963





More information about the Snort-users mailing list