[Snort-users] snort web interface

Richard Bejtlich taosecurity at ...11827...
Fri Aug 26 21:29:01 EDT 2011


On Tue, Aug 23, 2011 at 7:04 PM, alexus <alexus at ...11827...> wrote:
> I was wondering what are the popular/good web interfaces these days?
>

What a great thread!!

The best interface for you is the one that meets your analytical workflow.

If you just want to look at alerts, tailing the alert file might be
sufficient.  (Welcome to 1998.)

If you want to follow NSM, you need something that provides access to
all the NSM data types.

If you want to operationalize incident detection and response, you
also need the capability to escalate and resolve incidents.

Also: anyone scared of trying to install Sguil should try
securityonion.blogspot.com, a live Xubuntu distro.  Eventually Doug
will add other interfaces and frameworks to the distro, so the desired
console throwdown could be done in a single bundle!

Sincerely,

Richard



