[Snort-users] event correlation/aggregation;extrusion detection
Jochen.Kaiser at ...704...
Mon Apr 4 04:14:03 EDT 2005
I am trying to use Snort for extrusion detection on a large
class B network. As you can imagine, I get tons (i.e. hundreds
of thousands) of events, already restricted to the bleeding-edge
Snort rules for malicious activity. Logging this to a database
using the well-known Snort/ACID schema doesn't make sense.
Has any of you implemented an alternative Snort database
plugin? It would be nice to hear your thoughts before I
develop my own based on my personal needs for extrusion
Another one: are there guidelines for handling millions
of events with snort? Any experience?
Are there any notable 'snort event correlation/aggregation'
greetings and regards,
Dipl. Inf. Jochen Kaiser, GPG 0x3C93A870, phone +49 9131 85-28681
Network Administration mailto:jochen.kaiser at ...704...
Regionales Rechenzentrum Universitaet Erlangen-Nuernberg, Germany
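As an added example for the aggregation question raised above (this is not code from Jochen's message, from Snort, or from ACID): one way to collapse a flood of Snort alerts into a handful of extrusion records is to parse the alert_fast output, keep only alerts whose source is inside the monitored prefix and whose destination is outside it, and count them per (SID, internal source) rather than storing every packet-level event. The sample alert lines, SIDs, messages and addresses below are constructed for the example, and 172.16.0.0/16 stands in for the class B network, which the message does not name.

```python
import ipaddress
import re
from datetime import datetime

# Stand-in for the monitored class B prefix (assumption; the post does not name it).
INTERNAL_NET = "172.16.0.0/16"

# Constructed Snort 2.x alert_fast lines. SIDs 9000001-9000003, the messages
# and the addresses are made up for this example; one junk line is included
# to show that non-alert input is skipped rather than crashing the parser.
SAMPLE_ALERTS = """\
04/04-04:10:01.000001  [**] [1:9000001:1] EXAMPLE outbound IRC join [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 172.16.5.20:3421 -> 198.51.100.7:6667
04/04-04:10:02.000002  [**] [1:9000001:1] EXAMPLE outbound IRC join [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 172.16.5.20:3422 -> 198.51.100.7:6667
04/04-04:10:03.000003  [**] [1:9000001:1] EXAMPLE outbound IRC join [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 172.16.5.20:3423 -> 198.51.100.9:6667
04/04-04:10:04.000004  [**] [1:9000002:2] EXAMPLE outbound SMTP from non-mailhost [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 172.16.9.44:50001 -> 203.0.113.25:25
04/04-04:10:05.000005  [**] [1:9000002:2] EXAMPLE outbound SMTP from non-mailhost [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 172.16.9.44:50002 -> 203.0.113.26:25
04/04-04:10:06.000006  [**] [1:9000003:1] EXAMPLE inbound scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.66:40000 -> 172.16.1.1:22
04/04-04:10:07.000007  [**] [1:9000001:1] EXAMPLE outbound IRC join [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 172.16.5.21:1111 -> 198.51.100.7:6667
this line is not an alert and must be skipped
"""

# alert_fast layout: timestamp [**] [gid:sid:rev] msg [**] [...] {proto} src[:port] -> dst[:port]
# Ports are optional so that ICMP alerts (no ports) parse as well.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


def parse_alert(line):
    """Parse one alert_fast line; return None for anything that is not an alert."""
    m = ALERT_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    return {
        # alert_fast carries no year, so strptime yields year 1900; fine for ordering.
        "ts": datetime.strptime(m["ts"], "%m/%d-%H:%M:%S.%f"),
        "sid": int(m["sid"]),
        "msg": m["msg"],
        "proto": m["proto"],
        "src": ipaddress.ip_address(m["src"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "dport": int(m["dport"]) if m["dport"] else None,
    }


def aggregate_extrusion(lines, internal_net):
    """Keep only alerts leaving internal_net and fold them into one record per
    (sid, internal source): count, first/last seen, distinct destinations/ports."""
    net = ipaddress.ip_network(internal_net)
    groups = {}
    for line in lines:
        a = parse_alert(line)
        if a is None or a["src"] not in net or a["dst"] in net:
            continue  # unparsable, inbound, or internal-to-internal: not extrusion
        key = (a["sid"], str(a["src"]))
        g = groups.get(key)
        if g is None:
            g = groups[key] = {"msg": a["msg"], "count": 0, "first": a["ts"],
                               "last": a["ts"], "dsts": set(), "dports": set()}
        g["count"] += 1
        g["first"] = min(g["first"], a["ts"])
        g["last"] = max(g["last"], a["ts"])
        g["dsts"].add(str(a["dst"]))
        if a["dport"] is not None:
            g["dports"].add(a["dport"])
    return groups


def top_talkers(groups, n=10):
    """The n busiest (sid, source) pairs, busiest first; ties broken by key."""
    return sorted(groups.items(), key=lambda kv: (-kv[1]["count"], kv[0]))[:n]


def format_summary(groups, n=10):
    """One line per aggregated record instead of one line per alert."""
    out = []
    for (sid, src), g in top_talkers(groups, n):
        out.append("%6d  sid %-8d %-15s %2d dst(s) ports %-12s %s..%s  %s" % (
            g["count"], sid, src, len(g["dsts"]),
            ",".join(str(p) for p in sorted(g["dports"])),
            g["first"].strftime("%H:%M:%S"), g["last"].strftime("%H:%M:%S"), g["msg"]))
    return "\n".join(out)


def demo_groups():
    """Run the aggregation over the constructed sample."""
    return aggregate_extrusion(SAMPLE_ALERTS.splitlines(), INTERNAL_NET)


if __name__ == "__main__":
    print(format_summary(demo_groups()))
```

Seven alerts become three records here; on a real sensor the ratio is what makes the difference between storing hundreds of thousands of rows and a few hundred, and the per-record destination and port sets are what an analyst actually needs to decide whether a host is compromised. To run it on real output, replace SAMPLE_ALERTS.splitlines() with an open alert file, or a tail of it, and set INTERNAL_NET to the monitored prefix.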