[Snort-users] snort web interface

Paul Halliday paul.halliday at ...11827...
Wed Aug 24 07:02:05 EDT 2011


On Tue, Aug 23, 2011 at 10:03 PM, Jason Meller <jason.meller at ...11827...> wrote:
> Alexus,

...
>
> Squert is a bad ass project in active development. One thing James didn't
> mention though is that it requires SGUIL which utilizes an entirely
> different DB schema than the ones provided by the snort/barnyard2 db output
> plugins. SGUIL requires a bit more expertise to get up and running than your
> standard Snort + front-end solution. If you want to go that route Squert is
> a good SGUIL companion.
>

Just to expand on this a little:

Squert wasn't designed to be an analyst console (in the typical sense
of the term).  If you are a dedicated analyst or part of a team of
analysts doing weighted FIFO analysis then Squert is definitely not
for you. Squert was created and is being developed to provide an easy
way to look at a whole bunch of data with different views that will
hopefully (ultimately) give you a hint of developing and ongoing
problems, at a glance.

More simply though, it is for people that have been tasked with
security, that aren't really good at security, and only get to spend
20% of their day on security :)

Thanks.

-- 
Paul Halliday
http://www.squertproject.org/



