[Snort-users] Snorby opinions

Dustin Webber dustin.webber at ...11827...
Mon Jun 6 12:30:48 EDT 2011


Snorby is not about being `flashy` - It's about proper interface design and
workflow. The ability to produce metrics and quickly navigate
(hotkeys), classify and investigate are a few of Snorby's strengths.

Snorby will be moving to a custom collection/processing system soon using my
unified2 lib (https://github.com/mephux/unified2) and the snorby-collect cl
tool (https://github.com/Snorby/snorby-collect). This will open a few doors
for Snorby users, like event preprocessing/categorization before
insert/storage using a simple and clean DSL (like a unified2 ORM -
supporting all modern datastores: key/value, MongoDB, etc.). You will have
the ability to design the datastore to fit your needs and Snorby will just
sit on top with a translation layer.

The security community seems to have a personal vendetta with design and new
technology. I'm not sure I will ever fully understand why but in my eyes if
we don't start moving forward and accepting UX theory
and incorporating new technologies (yes, let's stop using Perl and PHP
please) we will never evolve. </rant>

Sometimes pretty does not mean gimmick, we just cared about it.

Dustin W. Webber
Dustin.Webber at ...11827...


On Mon, Jun 6, 2011 at 12:06 PM, Jefferson, Shawn <
Shawn.Jefferson at ...14448...> wrote:

> I'm one of those BASE people still... It's difficult to move off of it now,
> since I've modified it to link with my patch management and AV/HIPS products
> (as well as StreamDB and OpenFPC).
>
> What does Snorby give you that BASE doesn't (besides a much flashier GUI?)
>
> -----Original Message-----
> From: Martin Holste [mailto:mcholste at ...11827...]
> Sent: Sunday, June 05, 2011 9:58 AM
> To: Lay, James
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snorby opinions
>
> Snorby is great--anyone still messing around with BASE is missing out!
>
> Also, if you want a ridiculously fast packet capture tool to integrate
> with Snorby, you can use StreamDB (streamdb.googlecode.com) as a
> drop-in replacement for OpenFPC (Snorby hooks into OpenFPC under
> "Packet Capture Options").  Your packets (streams in this case) will
> load instantaneously (versus a minute or more with OpenFPC on large
> pcaps).
>
> On Fri, Jun 3, 2011 at 10:02 AM, Lay, James <james.lay at ...15009...>
> wrote:
> > Hey all!
> >
> >
> >
> > Topic says it..anyone run Snorby here?  Would love to get some opinions. I'm
> > needing something more.."pretty" (though personally I think tailing .fast
> > logs in a console is pretty).  Thanks for any input.
> >
> >
> >
> > James
> >
> >
> > ------------------------------------------------------------------------------
> > Simplify data backup and recovery for your virtual environment with vRanger.
> > Installation's a snap, and flexible recovery options mean your data is safe,
> > secure and there when you need it. Discover what all the cheering's about.
> > Get your free trial download today.
> > http://p.sf.net/sfu/quest-dev2dev2
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
>