[Snort-users] There appears to be a bug in Base-1.4.5

Jefferson, Shawn Shawn.Jefferson at ...14448...
Tue Oct 9 19:16:01 EDT 2012


"I'd like all alerts to be "rolled up" into one line like BASE does"

Sorry, I meant all unique alerts (i.e., GID/SID pair).

-----Original Message-----
From: Jefferson, Shawn [mailto:Shawn.Jefferson at ...14448...] 
Sent: Tuesday, October 09, 2012 4:11 PM
To: Dustin Webber
Cc: Snort-Users Users
Subject: Re: [Snort-users] There appears to be a bug in Base-1.4.5

Hi Dustin,

I'd like all alerts to be "rolled up" into one line like BASE does. I'd like to be able to have the "unique IP links" per SID view like BASE has. I didn't see that last time I looked at Snorby; maybe that is there and I missed it?

As far as StreamDB/OpenFPC, can you have both of them at the same time?  The lookup API sounds interesting... I'll have to look into that again.  HIPS is SEP, it's a MSSQL database... (there is a possibility to use Symantec System Center and hook into that.)

No, I'd rather use your product, but it didn't fit my requirements at the time; if it does now, that's great! As far as vulns in BASE, I'm sure there are, but I have it very locked down... I don't let just any computer connect to it, which in my case is an adequate compensating control (among others).
