[Snort-users] Snorby opinions

Dustin Webber dustin.webber at ...11827...
Mon Jun 6 13:38:06 EDT 2011


All,

I would like to clarify that I was talking about the languages -- not
applications written in them. If you're a good programmer you could build
amazing applications with anything. Just consider all languages before you
start a new project. If that language works best for the job... then use it.
(except php.. never use that.)

Honestly.. we should all be writing in TCL anyways...

Dustin W. Webber
Dustin.Webber at ...11827...

On Mon, Jun 6, 2011 at 12:30 PM, Dustin Webber <dustin.webber at ...11827...> wrote:

> Snorby is not about being `flashy` - It's about proper interface design and
> workflow. The ability to produce metrics and quickly navigate
> (hotkeys), classify and investigate are a few of Snorby's strengths.
>
> Snorby will be moving to a custom collection/processing system soon using
> my unified2 lib (https://github.com/mephux/unified2) and the
> snorby-collect cl tool (https://github.com/Snorby/snorby-collect). This
> will open a few doors for Snorby users, like event
> preprocessing/categorization before insert/storage using a simple and clean
> DSL (like a unified2 ORM - supporting all modern datastores: key/value,
> mongodb etc.). You will have the ability to design the datastore to fit
> your needs and Snorby will just sit on top with a translation layer.
>
> The security community seems to have a personal vendetta with design and
> new technology. I'm not sure I will ever fully understand why but in my eyes
> if we don't start moving forward and accepting UX theory
> and incorporating new technologies (yes, let's stop using Perl and PHP
> please) we will never evolve. </rant>
>
> Sometimes pretty does not mean gimmick, we just cared about it.
>
> Dustin W. Webber
> Dustin.Webber at ...11827...
>
>
> On Mon, Jun 6, 2011 at 12:06 PM, Jefferson, Shawn <
> Shawn.Jefferson at ...14448...> wrote:
>
>> I'm one of those BASE people still... It's difficult to move off of it
>> now, since I've modified it to link with my patch management and AV/HIPS
>> products (as well as StreamDB and OpenFPC).
>>
>> What does Snorby give you that BASE doesn't (besides a much flashier GUI?)
>>
>> -----Original Message-----
>> From: Martin Holste [mailto:mcholste at ...11827...]
>> Sent: Sunday, June 05, 2011 9:58 AM
>> To: Lay, James
>> Cc: snort-users at lists.sourceforge.net
>> Subject: Re: [Snort-users] Snorby opinions
>>
>> Snorby is great--anyone still messing around with BASE is missing out!
>>
>> Also, if you want a ridiculously fast packet capture tool to integrate
>> with Snorby, you can use StreamDB (streamdb.googlecode.com) as a
>> drop-in replacement for OpenFPC (Snorby hooks into OpenFPC under
>> "Packet Capture Options").  Your packets (streams in this case) will
>> load instantaneously (versus a minute or more with OpenFPC on large
>> pcaps).
>>
>> On Fri, Jun 3, 2011 at 10:02 AM, Lay, James <james.lay at ...15009...>
>> wrote:
>> > Hey all!
>> >
>> >
>> >
>> > Topic says it..anyone run Snorby here?  Would love to get some opinions. I'm
>> > needing something more.."pretty" (though personally I think tailing .fast
>> > logs in a console is pretty).  Thanks for any input.
>> >
>> >
>> >
>> > James
>> >
>> >
>> ------------------------------------------------------------------------------
>> > Simplify data backup and recovery for your virtual environment with
>> vRanger.
>> > Installation's a snap, and flexible recovery options mean your data is
>> safe,
>> > secure and there when you need it. Discover what all the cheering's
>> about.
>> > Get your free trial download today.
>> > http://p.sf.net/sfu/quest-dev2dev2
>> > _______________________________________________
>> > Snort-users mailing list
>> > Snort-users at lists.sourceforge.net
>> > Go to this URL to change user options or unsubscribe:
>> > https://lists.sourceforge.net/lists/listinfo/snort-users
>> > Snort-users list archive:
>> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>> >
>>
>
>