[Snort-users] Alternative to BASE

Stephen Mullins steve.mullins.work at ...11827...
Wed Apr 28 15:12:47 EDT 2010


Absolutely.  And, as with most open source projects, it is prone to
long periods of inactivity from the developers as they have full time
jobs and personal lives to take care of.  If one is looking for
professional grade support then I think anyone on this list knows
where to look to get that for Snort.

However, I would love to see a standalone front end such as Sguil for
some of the "professional grade" proprietary IDS suites out there.
The ease of use and speed with which one can jump between alerts is
phenomenal.

I'm sure the web-based front ends are a great boon for the engineers
deploying/maintaining the system, and surely impress those making
purchasing decisions, but analysts are more productive when they can
get the information they need without going through 7 layers of menus,
each with the latency between page loads associated with a web-based
interface.

Steve

On Wed, Apr 28, 2010 at 2:45 PM, Jeff Kell <jeff-kell at ...6282...> wrote:
> On 4/28/2010 12:27 PM, Stephen Mullins wrote:
>> As an analyst I can tell you that Sguil is the best IDS analysis front
>> end that I have ever seen.  It blows anything web based out of the
>> water.
>>
>
> But it only scales up to a point (as many/most "IDS analysis" tools,
> each has their threshold of pain).
>
> Jeff
>



