[Snort-users] There appears to be a bug in Base-1.4.5
Shawn.Jefferson at ...14448...
Tue Oct 9 19:16:01 EDT 2012
"I'd like all alerts to be "rolled up" into one line like BASE does"
Sorry, I meant all unique alerts (i.e. GID/SID pair).
From: Jefferson, Shawn [mailto:Shawn.Jefferson at ...14448...]
Sent: Tuesday, October 09, 2012 4:11 PM
To: Dustin Webber
Cc: Snort-Users Users
Subject: Re: [Snort-users] There appears to be a bug in Base-1.4.5
I'd like all alerts to be "rolled up" into one line like BASE does. I'd like to be able to have the "unique IP links" per SID view like BASE has. I didn't see that last time I looked at Snorby; maybe that is there and I missed it?
As far as StreamDB/OpenFPC, can you have both of them at the same time? The lookup API sounds interesting... I'll have to look into that again. HIPS is SEP, it's a MSSQL database... (there is a possibility to use Symantec System Center and hook into that.)
No, I'd rather use your product, but it didn't fit my requirements at the time; if it does now, that's great! As far as vulns in BASE, I'm sure there are, but I have it very locked down... I don't let just any computer connect to it, which in my case is an adequate compensating control (among others).