[Snort-users] Acid and HSC

Michael Boman michael.boman at ...11827...
Mon Nov 8 00:44:39 EST 2004


On Mon, 08 Nov 2004 16:07:24 +0800, sam wun <sam.wun at ...12627...> wrote:
> Hi,
> 
> I found that current version of Acid is nearly useless for security analyst. Acid can't even provide functions allow security analyst to inspect tcp/ip payload.
> 
> Does HSC offer this type of analysis?
> 
> Thanks
> Sam

ACID can analyze packet payload, if you configured the database
logging correctly. However, if you want to practice true NSM (Network
Security Monitoring) I suggest you to take a look at Sguil
(www.sguil.net), which offers a range of features that is of interest
when you are investigating a possible intrusion or compromise.

Best regards
 Michael Boman




More information about the Snort-users mailing list