[Snort-users] BASE and Snorby running together
scastle at ...14946...
Wed Feb 22 12:03:03 EST 2012
I'd like to try running BASE and Snorby (using Security Onion platform) together against the same database. I'm thinking that I only have to add the database tables peculiar to BASE:
I realize this is probably simplistic and there could be issues, such as deleting alerts in BASE will probably not delete all the alert data in all the tables. If anyone has done this dual setup successfully and has warnings or errors to avoid, I'd like to know.
I might have to modify the BASE code to run successfully this way. Please, no evangelizing of Snorby over BASE; I just like a lot of the features available in BASE that are not there in Snorby (or if they are I can't seem to find them). OTOH there are a lot of BASE issues that drive me nuts and make me wish for an active support group.
And yes, I know this is probably a lost cause. I'd like to try anyway.
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH