[Snort-users] Integrate Snort with Remedy, Anyone Please???

Noble, Kevin Kevin.Noble at ...11200...
Thu Feb 12 11:13:04 EST 2004


Also consider SEC (Simple Event Correlator)
http://sourceforge.net/projects/simple-evcorr/
Using something like this gives the GAP or buffer you need.

-Kevin 

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Owen
McCusker
Sent: Thursday, February 12, 2004 12:35 PM
To: snort-users at lists.sourceforge.net
Cc: Snortty
Subject: Re: [Snort-users] Integrate Snort with Remedy, Anyone Please???


I would put some type of "air-gap" somewhere in the
overall security operations of your ticket system.

During DOS exploits you may be generating lots of ticks,
auto-ticket generator.

Maybe use ACID alert capabilities, and wrap the creation
of an alert group with the creation of a ticket
in your Trouble Ticket System.

Owen


>All,
>My snort IDS on Solaris 8 has been running more
>stable, and in better control now.
>
>I'm thinking of integrating Snort alerts with Trouble
>Ticket Systems - specifically Remedy, in order to be
>monitored together with other type of tickets, and be
>tracked the progress of resolving issues detected by
>Snort.
>
>Has anyone done the similar things, or know better to
>offer any suggestions/comments/places to look further
>PLEASE?
>
>I will share my results if I can make progress on this
>one.
>
>Thank you in advance!
>Snortlover.
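
The buffering idea discussed in this thread, as an added Python example (not code from the posters, SEC, ACID or Remedy): alerts in Snort's fast-alert format are collapsed into one ticket record per signature and destination per time window, so an alert flood opens one ticket instead of hundreds. The sample lines, the 5-minute window, the year default and all function names are assumptions; the ticket is a plain dict standing in for a call to the ticket system.

```python
import re
from datetime import datetime, timedelta

# Snort fast-alert line: MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)"
)

def parse_alert(line, year=2004):
    """Return a dict for one alert line, or None if the line is not an alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    # Fast alerts carry no year by default, so the caller supplies one (assumption).
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
    return {"ts": ts, "sig": f"{m['gid']}:{m['sid']}", "msg": m["msg"],
            "src": m["src"], "dst": m["dst"]}

def correlate(lines, window=timedelta(minutes=5)):
    """One ticket per (signature, destination) per window; repeats only bump a counter."""
    open_tickets, tickets = {}, []
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue
        key = (a["sig"], a["dst"])
        t = open_tickets.get(key)
        if t is None or a["ts"] - t["first_seen"] > window:
            # This is the point where a real integration would open the ticket.
            t = {"key": key, "summary": a["msg"], "first_seen": a["ts"],
                 "count": 0, "sources": set()}
            open_tickets[key] = t
            tickets.append(t)
        t["count"] += 1
        t["sources"].add(a["src"])
    return tickets

def sample_lines():
    """CONSTRUCTED input: a 200-alert flood, one unrelated alert, one late repeat."""
    fmt = ("02/12-12:{:02d}:{:02d}.000000  [**] [1:{}:1] {} [**] "
           "[Priority: 2] {{TCP}} {}:1024 -> 198.51.100.5:80")
    flood = [fmt.format(30 + i // 60, i % 60, 1000001, "CONSTRUCTED flood",
                        f"192.0.2.{i % 50}") for i in range(200)]
    other = fmt.format(31, 0, 1000002, "CONSTRUCTED scan", "203.0.113.9")
    late = fmt.format(40, 0, 1000001, "CONSTRUCTED flood", "192.0.2.7")
    return flood + [other, late]
```

On the constructed input, `correlate(sample_lines())` turns 202 alerts into three ticket records, with the flood ticket carrying the alert count and the set of source addresses.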