[Snort-users] Combine NIDS with HIDS

omar hussein omar811128 at ...11827...
Sun May 31 08:29:42 EDT 2009


Thanks for the reply.

I know that Snort is one of the best open source NIDS software packages that can be
used. Any suggestions for open source HIDS software that can be used and
would be compatible with Snort?

Kindest Regards
Omar
London

On Sat, May 30, 2009 at 6:32 PM, Stephen Mullins <steve.mullins.work at ...11827...> wrote:

> You can use Snort in conjunction with a HIDS.  In terms of aggregating
> the data, I think you would use an SIEM (Security Information and
> Event Manager), like ArcSight, and have feeds from both Snort and your
> HIDS into it.
>
> I don't think using a NIDS to cross-check or verify HIDS alerts is
> practical.  I think the way to check a HIDS alarm is to remote into
> the system and check the file system etc.
>
> You could use the HIDS to cross-check NIDS alerts though, and that
> would make sense to me.
>
> Steve Mullins
>
> On Sat, May 30, 2009 at 11:46 AM, omar hussein <omar811128 at ...11827...> wrote:
> > Hello gentlemen,
> >
> > I was wondering about the ability to combine SNORT, which is a NIDS, with HIDS
> > software, and make both work on the same system?
> >
> > And is this going to be useful and provide more security? I'm sure that will
> > depend on the mechanism that both pieces of software are going to use in order to
> > cooperate with each other. Like using the alarms resulting from one
> > software (like HIDS) and checking them again with the NIDS, or vice versa.
> >
> > Kindest Regards
> > Omar
> > MSc Wireless Communications systems
> > London
>
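The cross-check suggested in the quoted reply (using HIDS data to confirm NIDS alerts), sketched as an added example that is not part of the original thread. It assumes Snort's "fast" alert output and a hypothetical normalized HIDS record of (timestamp, host IP, description); all sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Snort "fast" alert line: MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
FAST = re.compile(
    r"(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[(?P<sig>\d+:\d+:\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

# Constructed sample alerts (not real traffic); SIDs and addresses are placeholders.
SNORT_LINES = [
    "05/30-18:32:01.123456  [**] [1:1000001:1] Constructed sample: web exploit attempt [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51512 -> 192.0.2.10:80",
    "05/30-18:40:12.000321  [**] [1:1000002:1] Constructed sample: ICMP sweep [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 192.0.2.20",
]

# Hypothetical normalized HIDS records: (ISO timestamp, host IP, description).
HIDS_EVENTS = [
    ("2009-05-30T18:33:10", "192.0.2.10", "checksum changed: /var/www/index.php"),
    ("2009-05-30T17:00:00", "192.0.2.10", "new listening port"),  # before the alert
    ("2009-05-30T18:41:00", "192.0.2.30", "account added"),       # different host
]

def parse_fast(line, year=2009):
    """Parse one fast-format alert; by default the format has no year, so it is supplied."""
    m = FAST.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
    return {"ts": ts, "sig": m["sig"], "msg": m["msg"], "src": m["src"], "dst": m["dst"]}

def correlate(snort_lines, hids_events, window=timedelta(minutes=5)):
    """Pair each NIDS alert with HIDS events on the targeted host in the window after it."""
    results = []
    for line in snort_lines:
        alert = parse_fast(line)
        if alert is None:
            continue  # skip lines that are not fast-format alerts
        hits = [e for e in hids_events
                if e[1] == alert["dst"]
                and timedelta(0) <= datetime.fromisoformat(e[0]) - alert["ts"] <= window]
        results.append((alert, hits))
    return results

if __name__ == "__main__":
    for alert, hits in correlate(SNORT_LINES, HIDS_EVENTS):
        status = "corroborated by HIDS" if hits else "network only"
        print(alert["sig"], alert["dst"], status, [h[2] for h in hits])
```

An alert with matching host-side events is the one to triage first; an alert with none still needs review, since the HIDS may simply not monitor what changed.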