[Snort-users] New IDS best practise

Dustin Webber dustin.webber at ...11827...
Thu Nov 17 22:05:20 EST 2011


Martin,

I recently wrote this lib https://github.com/mephux/unified2 which Snorby will be using soon.
As of this email, rUnified2 supports everything available in the current snort unified2 implementation.

Also, for fun I wrote a distributed httpry collection lib. https://github.com/mephux/rhttpry

- Dustin


On Nov 17, 2011, at 9:29 PM, Martin Holste wrote:

>> As a reminder, unified2 does output the URL associated with an event in its logs.
> 
> I was going to mention that, but other than u2spewfoo, I didn't know
> of a good way of getting that into something like Snorby.  I glanced
> through the git commits for barnyard2, and I didn't see anything for
> the HTTP/SMTP logging.  Is anyone using this in their setup yet?
> 

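An added example, not code from rUnified2, Snorby or Snort: a minimal Ruby walker over a unified2 file that pulls out the HTTP URI and hostname extra-data records Martin asks about, so they can be joined to the IDS event rows without going through u2spewfoo. The record layout and the type constants (110, 9, 10) follow Snort's Unified2_common.h as I know it; the sample log bytes, sensor/event ids and timestamp are constructed.

```ruby
# Layout per Snort's Unified2_common.h: each record is a big-endian
# (type, length) header plus body; type 110 is UNIFIED2_EXTRA_DATA.
UNIFIED2_EXTRA_DATA      = 110
EVENT_INFO_HTTP_URI      = 9
EVENT_INFO_HTTP_HOSTNAME = 10
EXTRA_NAMES = { EVENT_INFO_HTTP_URI => "http_uri",
                EVENT_INFO_HTTP_HOSTNAME => "http_hostname" }

# Yield [type, body] per record. A truncated tail (Snort appends records
# incrementally, so a reader can see a half-written one) is skipped, not raised.
def each_unified2_record(bytes)
  offset = 0
  while offset + 8 <= bytes.bytesize
    type, length = bytes.byteslice(offset, 8).unpack("NN")
    break if offset + 8 + length > bytes.bytesize
    yield type, bytes.byteslice(offset + 8, length)
    offset += 8 + length
  end
end

# Body of an extra-data record: Unified2ExtraDataHdr (event_type, event_length),
# then sensor_id, event_id, event_second, type, data_type, blob_length, blob.
# Snort's blob_length counts data_type + blob_length + payload, hence the -8.
def parse_extra_data(body)
  _etype, _elen, sensor_id, event_id, event_second,
    type, data_type, blob_length = body.unpack("N8")
  payload_len = blob_length - 8
  return nil if payload_len < 0 || 32 + payload_len > body.bytesize
  { sensor_id: sensor_id, event_id: event_id, event_second: event_second,
    type: type, data_type: data_type, value: body.byteslice(32, payload_len) }
end

# URI/hostname records keyed by (sensor_id, event_id) for joining onto events.
def http_extra_data(bytes)
  out = []
  each_unified2_record(bytes) do |type, body|
    next unless type == UNIFIED2_EXTRA_DATA
    rec = parse_extra_data(body)
    next unless rec && EXTRA_NAMES.key?(rec[:type])
    out << { sensor_id: rec[:sensor_id], event_id: rec[:event_id],
             kind: EXTRA_NAMES[rec[:type]], value: rec[:value] }
  end
  out
end

# Constructed sample log (hypothetical ids/timestamp): a URI and a hostname for event 42.
def build_extra_record(type, value)
  inner = [4, 24 + value.bytesize, 1, 42, 1321581600, type, 1,
           8 + value.bytesize].pack("N8") + value
  [UNIFIED2_EXTRA_DATA, inner.bytesize].pack("NN") + inner
end
SAMPLE_LOG = build_extra_record(EVENT_INFO_HTTP_URI, "/cgi-bin/test.cgi?id=1") +
             build_extra_record(EVENT_INFO_HTTP_HOSTNAME, "example.com")
```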