[Snort-users] Combine NIDS with HIDS

Stephen Mullins steve.mullins.work at ...11827...
Sat May 30 13:32:15 EDT 2009


You can use Snort in conjunction with a HIDS.  In terms of aggregating
the data, I think you would use an SIEM (Security Information and
Event Manager), like ArcSight, and have feeds from both Snort and your
HIDS into it.

I don't think using a NIDS to cross-check or verify HIDS alerts is
practical.  I think the way to check a HIDS alarm is to remote into
the system and check the file system etc.

You could use the HIDS to cross-check NIDS alerts though, and that
would make sense to me.

Steve Mullins

On Sat, May 30, 2009 at 11:46 AM, omar hussein <omar811128 at ...11827...> wrote:
> Hello gentlemen,
>
> I was wondering about the ability to combine SNORT, which is a NIDS, with HIDS
> software, and make both work on the same system?
>
> And is this going to be useful and provide more security? I'm sure that will
> depend on the mechanism that both software are going to use in order to
> cooperate with each other. Like using the alarms resulting from one
> software (like HIDS) and checking them again with NIDS, or vice versa.
>
> Kindest Regards
> Omar
> MSc Wireless Communications systems
> London
>
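
Added example, not part of the original messages: using HIDS events to cross-check Snort alerts for the targeted host, as the reply suggests. The Snort lines follow the "fast" alert layout; the HIDS line layout, the 10-minute window, and all addresses, SIDs and messages are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample alerts in Snort's "fast" alert layout (not from the thread).
SNORT_FAST = """\
05/30-13:32:15.104211  [**] [1:1000001:1] Constructed: suspicious web request [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:40112 -> 192.0.2.10:80
05/30-13:40:02.551870  [**] [1:1000002:1] Constructed: SSH scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.9:51514 -> 192.0.2.20:22
"""

# Constructed HIDS events in a hypothetical "date time host detail" layout.
HIDS_EVENTS = """\
2009-05-30 13:33:40 192.0.2.10 integrity checksum changed: /var/www/index.php
2009-05-30 15:02:11 192.0.2.20 new user account created
"""

FAST_RE = re.compile(
    r"^(\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\] \[(\d+:\d+:\d+)\] (.*?) \[\*\*\]"
    r".*\{\w+\} ([\d.]+)(?::\d+)? -> ([\d.]+)(?::\d+)?$", re.M)

def parse_snort_fast(text, year):
    """Fast alerts carry no year, so the caller supplies it. IPv4 only."""
    return [{"time": datetime.strptime(f"{year}/{ts}", "%Y/%m/%d-%H:%M:%S"),
             "sid": sid, "msg": msg, "src": src, "dst": dst}
            for ts, sid, msg, src, dst in FAST_RE.findall(text)]

def parse_hids(text):
    events = []
    for line in text.splitlines():
        day, clock, host, detail = line.split(" ", 3)
        when = datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S")
        events.append({"time": when, "host": host, "detail": detail})
    return events

def cross_check(nids_alerts, hids_events, window=timedelta(minutes=10)):
    """Pair each NIDS alert with HIDS events seen on the targeted host
    within `window` after it; an empty list means no host-side evidence."""
    results = []
    for alert in nids_alerts:
        hits = [e for e in hids_events
                if e["host"] == alert["dst"]
                and timedelta(0) <= e["time"] - alert["time"] <= window]
        results.append((alert, hits))
    return results

if __name__ == "__main__":
    pairs = cross_check(parse_snort_fast(SNORT_FAST, 2009), parse_hids(HIDS_EVENTS))
    for alert, hits in pairs:
        status = "corroborated by HIDS" if hits else "no HIDS evidence"
        print(alert["sid"], alert["dst"], status, [h["detail"] for h in hits])
```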



