[Snort-users] Appliances using free software

Eric Hines eric.hines at ...8860...
Thu Aug 11 15:41:11 EDT 2005


Maybe someone from ISS or someone who uses Site Protector here can jump in,
perhaps ISS doesn't support Snort alerts.. but I do know they allow you to
use Snort signatures but was told by an ISS sales rep once upon a time ago
that they can't guarantee the performance anymore when using them. Looking
at the ISS site, I don't see anything on that anymore -- perhaps they killed
it? 

Anyone here use it and can say for sure if it supports Snort alerts or not?
I do agree with Paul though, you can not manage Snort from Site Protector.




Best Regards,

Eric Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC
1095 Pingree Rd.
Suite 213
Crystal Lake, IL 60014
Tel: (877) 262-7593 e:327
Fax: (877) 262-7593
Mob: (847) 456-6785
Web: http://www.appliedwatch.com
----------------------------------------------------------------------------
- 
Enterprise Snort Management at http://www.appliedwatch.com.
Security Information Management for the Open Source Enterprise.
----------------------------------------------------------------------------
-



-----Original Message-----
From: Paul Schmehl [mailto:pauls at ...6838...] 
Sent: Thursday, August 11, 2005 3:52 PM
To: Jeff Dell; 'Eric Hines'; 'Gutemberg A. Vieira';
snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Appliances using free software

--On Thursday, August 11, 2005 16:10:04 -0400 Jeff Dell
<jdell at ...1095...> wrote:

> I thought we were done with the marketing on this list...
>
>> Unlike Sourcefire, we allow you to use the free, open source version 
>> of Snort instead of requiring our appliance purchase.
>
> Before you say what a competitor can or can't do in a public forum you 
> should really check to see if it is true.
>
> From: http://www.sourcefire.com/products/is_agent.html
>
> The Sourcefire Intrusion Agent allows open source Snort users to do 
> more than just detect intrusions; it enables a single Sourcefire 
> Defense Center to aggregate event information from one or more Snort 
> sensors alongside data from Sourcefire Intrusion Sensors and Sourcefire
RNA sensors.
>
Well, yeah, but *his* question was, "It is possible to manage snort agents
IDS/IPS using a ISS console?"

The "ISS console" he refers to is Site Protector, and I doubt seriously that
you can manage snort sensors with it.

However, you *might* be able to integrate the *data* from snort sensors into
the Site Protector interface.  I don't know that for certain, so you'd have
to check the docs.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/





More information about the Snort-users mailing list