[Snort-users] Trending

Paul Halliday paul.halliday at ...11827...
Wed Jul 13 20:36:30 EDT 2011


On Wed, Jul 13, 2011 at 5:20 PM, Lay, James <james.lay at ...15009...> wrote:
> Hey all!
>
> So…I’ve got Snorby installed…it was a hoot, but it’s done now.  My goal for
> the GUI is to easily see trends over time….try and catch the bad guys that
> scan 5 ports a day and junk like that.  Is Snorby the best for this or is
> there something else better out there?  Thanks for any advice.
>

Like a canned view?

Would you want to be able to create the conditions for the view
yourself? What criteria would you want to be able to choose from?

How do you see the operation of something like that? What interval is
good? An hourly summary? Daily? Monthly?

What other 'junk'?

Just looking for ideas.

-- 
Paul Halliday
http://www.squertproject.org/



