[Snort-users] Snort Deployment Configurations
mcholste at ...11827...
Mon Feb 7 13:39:31 EST 2011
> BTW, I tend to prefer SANCP to collect data in a format more conducive
> for analysing "flows at rest".
Yes SANCP is awesome! I just wish it didn't require a span/tap at
every sniff point. For branch offices, netflow is usually the only
option. A netflow converter/plugin for SANCP would be very cool so
that two separate reporting infrastructures weren't required.
More information about the Snort-users