[Snort-users] Fwd: IP Resolution

Peter Bates peter.bates at ...15381...
Fri Jun 1 09:45:07 EDT 2012




Hello all

On 01/06/2012 14:24, Michael Brown wrote:
> I was wondering how I could set up snort or a script to take a set
> of IP addresses and resolve them so I can see what country the
> alerts are being generated through and then have them updated in a
> new column within the database? Ultimately I would like to show
> the country's flag but I can work that out later. Any suggestions
> would be great or is this even possible?

Probably your simplest solution is to look at Squert/Snorby, and again
the easiest solution to that is probably Security Onion:
http://securityonion.blogspot.com/

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT




