[Snort-users] Snort Deployment Configurations

Joel Esler jesler at ...1935...
Mon Feb 7 16:34:51 EST 2011

On Mon, Feb 7, 2011 at 1:39 PM, Martin Holste <mcholste at ...11827...> wrote:

> > BTW, I tend to prefer SANCP to collect data in a format more conducive
> > for analysing "flows at rest".
> >
> Yes SANCP is awesome!  I just wish it didn't require a span/tap at
> every sniff point.  For branch offices, netflow is usually the only
> option.  A netflow converter/plugin for SANCP would be very cool so
> that two separate reporting infrastructures weren't required.
We have products at Sourcefire that can do all of those (flows,
identification, and netflow).  However, since we try really hard not to
advertise on the lists here, if you want more information feel free to email

Joel Esler | 706-231-1451 | http://blog.snort.org | http://blog.clamav.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110207/7e2bbf47/attachment.html>

More information about the Snort-users mailing list