[Snort-users] Acid and HSC
michael.boman at ...11827...
Mon Nov 8 00:44:39 EST 2004
On Mon, 08 Nov 2004 16:07:24 +0800, sam wun <sam.wun at ...12627...> wrote:
> I found that the current version of Acid is nearly useless for a security analyst. Acid can't even provide functions that allow a security analyst to inspect tcp/ip payload.
> Does HSC offer this type of analysis?
ACID can analyze packet payload, if you configured the database
logging correctly. However, if you want to practice true NSM (Network
Security Monitoring), I suggest you take a look at Sguil
(www.sguil.net), which offers a range of features that are of interest
when you are investigating a possible intrusion or compromise.