[Snort-users] snort web interface

Ray Caparros arcy24 at ...11827...
Tue Aug 23 21:40:59 EDT 2011


Totally agree with Jason. Been using Snorby, now that it also comes with
full packet capture.

-Ray

On Tue, Aug 23, 2011 at 9:03 PM, Jason Meller <jason.meller at ...11827...> wrote:

> Alexus,
>
> Full disclosure, I work with Mephux on Snorby but I don't think James or
> Alex correctly or accurately answered your question, so I wanted to throw in
> my $0.02.
>
>    1. BASE is a dead project and hasn't had a new feature pushed since
>    2008 (3 years ago). It doesn't plug in with any of the packet capture
>    frameworks out there and its interface is disorganized compared to the other
>    available front-ends. It's dead, let's move on. Supporting a dead
>    open-source project hurts the actively developed efforts out there.
>
>    2. Squert is a bad ass project in active development. One thing James
>    didn't mention though is that it requires SGUIL, which utilizes an entirely
>    different DB schema than the ones provided by the snort/barnyard2 db output
>    plugins. SGUIL requires a bit more expertise to get up and running than your
>    standard Snort + front-end solution. If you want to go that route, Squert is
>    a good SGUIL companion.
>
>    3. Snorby is a RECENT development in the community. It was first
>    introduced in 2009 and has far surpassed BASE in functionality. I work with
>    Mephux developing Snorby and here are some of the reasons I would recommend
>    it to anyone:
>
>    - It's actively developed by two passionate NSM analysts.
>    - It allows you to pivot on datapoints in the events without
>      interrupting the analyst's thought process (rule content, related alerts, ip
>      arin/whois data).
>    - It integrates with OpenFPC and Solera DeepSee products for Full
>      Packet Capture.
>    - It has exportable and beautiful PDF reports and metrics.
>
> The security industry is evolving so rapidly that choosing a dead project
> like BASE for your SOC, MSSP, CIRT, or even personal use is just setting you
> up for failure.
>
> Other people agree with this assessment and that is why the project has
> been accepted into Security Onion Distro and featured on The Change Log.
>
> Other analysts are excited about Snorby as well. Check out these articles:
>
>    - http://beboblog.johnbebo.com/2011/08/13/snorby-as-ids.aspx
>    - http://www.aldeid.com/wiki/An-interesting-forensics-analysis
>
> If you want to check out Snorby check out our live demo at
> http://demo.snorby.org (u: demo at ...15054..., p: snorby)
>
> If you want to test out Snorby in your environment, check out Insta-Snorby
> (www.snorby.org), it's a turn-key Snorby.
>
> Enjoy the project and please support us!
>
> Mephux and Terracatta
>
> On Tue, Aug 23, 2011 at 7:34 PM, James Lay <jlay at ...13475...> wrote:
>
>>
>>
>> On 8/23/11 5:04 PM, "alexus" <alexus at ...11827...> wrote:
>>
>> >I was wondering what's popular/good web interfaces these days?
>> >
>> >--
>> >http://alexus.org/
>> >
>>
>> >------------------------------------------------------------------------------
>> >EMC VNX: the world's simplest storage, starting under $10K
>> >The only unified storage solution that offers unified management
>> >Up to 160% more powerful than alternatives and 25% more efficient.
>> >Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev
>> >_______________________________________________
>> >Snort-users mailing list
>> >Snort-users at lists.sourceforge.net
>> >Go to this URL to change user options or unsubscribe:
>> >https://lists.sourceforge.net/lists/listinfo/snort-users
>> >Snort-users list archive:
>> >http://www.geocrawler.com/redir-sf.php3?list=snort-users
>> >
>> >Please visit http://blog.snort.org to stay current on all the latest
>> >Snort news!
>>
>> BASE seems to give the maximum amount of information/reports vs. ease of
>> install.  SQueRT is awesome, but does require a few extra processes
>> running.  Snorby is "ok"...not very good for reports at least in my
>> experience.  For SQueRT and Snorby, it's pretty crucial that you have a
>> tuned snort install since you don't have an easy method to delete entries.
>>
>> James
>>
>>
>