[Snort-users] Integrate Snort with Remedy, Anyone Please???

Jeff Nathan jeff at ...950...
Thu Feb 12 12:51:08 EST 2004


The New York State University at Buffalo has been developing ARS Perl 
for Remedy Action Request system for years.  The website for arsperl is 
http://arsinfo.cit.buffalo.edu/perl/index.html

As I suspect you're already aware, Snort can generate a significant 
number of alerts depending on how you've configured it.  I'd use the 
thresholding features within Snort carefully to ensure you don't 
create hundreds of tickets in Remedy.

With this in mind, you could parse XML formatted Snort alerts and 
create Remedy tickets using ARS Perl.

It's been many years since I've used ARS Perl, so I can't comment on 
how well it works.

Good luck.

-Jeff

On Feb 12, 2004, at 11:23 AM, Snortty wrote:

>
> All,
> My snort IDS on Solaris 8 has been running more
> stable, and in better control now.
>
> I'm thinking of integrating Snort alerts with Trouble
> Ticket Systems - specifically Remedy, in order to be
> monitored together with other type of tickets, and be
> tracked the progress of resolving issues detected by
> Snort.
>
> Has anyone done the similar things, or know better to
> offer any suggestions/comments/places to look further
> PLEASE?
>
> I will share my results if I can make progress on this
> one.
>
> Thank you in advance!
> Snortlover.
>

--
The most technical single-track security conference in the West.
Vancouver B.C., Canada   April, 2004   http://cansecwest.com

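An added example, not part of the original message and not Snort or ARS Perl code: besides thresholding inside Snort, repeated alerts can also be collapsed on the ticketing side, so that one ticket carries a repeat count instead of each alert opening its own ticket. The XML layout, the field names and `tickets_from_alerts` are assumptions made for this illustration; submitting the resulting records to Remedy is left out.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Constructed sample input. The element and attribute names are an assumed,
# simplified layout for illustration, not the schema Snort's XML output emits.
SAMPLE_ALERTS = """<alerts>
 <alert time="2004-02-12T11:00:01" sid="1000001" msg="EXAMPLE web probe" src="192.0.2.10" dst="198.51.100.5"/>
 <alert time="2004-02-12T11:00:09" sid="1000001" msg="EXAMPLE web probe" src="192.0.2.10" dst="198.51.100.5"/>
 <alert time="2004-02-12T11:04:30" sid="1000001" msg="EXAMPLE web probe" src="192.0.2.10" dst="198.51.100.5"/>
 <alert time="2004-02-12T11:05:00" sid="1000002" msg="EXAMPLE scan" src="192.0.2.77" dst="198.51.100.5"/>
 <alert time="2004-02-12T11:30:00" sid="1000001" msg="EXAMPLE web probe" src="192.0.2.10" dst="198.51.100.5"/>
</alerts>"""


def tickets_from_alerts(xml_text, window=timedelta(minutes=10)):
    """Return one ticket record per (sid, src, dst) per time window."""
    # Same-format ISO timestamps sort correctly as plain strings.
    alerts = sorted(ET.fromstring(xml_text).iter("alert"),
                    key=lambda a: a.get("time"))
    open_ticket = {}  # (sid, src, dst) -> ticket still absorbing repeats
    tickets = []
    for alert in alerts:
        when = datetime.fromisoformat(alert.get("time"))
        key = (alert.get("sid"), alert.get("src"), alert.get("dst"))
        ticket = open_ticket.get(key)
        if ticket is not None and when - ticket["first_seen"] <= window:
            # Repeat inside the window: update the existing ticket only.
            ticket["count"] += 1
            ticket["last_seen"] = when
            continue
        # First alert for this key, or the window has expired: new ticket.
        ticket = {
            "summary": f"Snort sid {key[0]}: {alert.get('msg', '')[:80]}",
            "src": key[1], "dst": key[2],
            "first_seen": when, "last_seen": when, "count": 1,
        }
        open_ticket[key] = ticket
        tickets.append(ticket)
    return tickets


if __name__ == "__main__":
    for t in tickets_from_alerts(SAMPLE_ALERTS):
        print(t["summary"], t["src"], "->", t["dst"], "x", t["count"])
```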