[Snort-users] There appears to be a bug in Base-1.4.5

Jeremy Hoel jthoel at ...11827...
Tue Oct 9 19:21:55 EDT 2012


There is an option for this.. it's just not a sticky option.  It's in
the events tab, the upper right hand button is a config and you can
check it, but it reverts back.  This is one of a few things I need to
write a bug/feature request for..



On Tue, Oct 9, 2012 at 5:16 PM, Jefferson, Shawn
<Shawn.Jefferson at ...14448...> wrote:
> "I'd like all alerts to be "rolled up" into one line like BASE does"
>
> Sorry I meant, all unique alerts (ie. GID/SID pair).
>
> -----Original Message-----
> From: Jefferson, Shawn [mailto:Shawn.Jefferson at ...14448...]
> Sent: Tuesday, October 09, 2012 4:11 PM
> To: Dustin Webber
> Cc: Snort-Users Users
> Subject: Re: [Snort-users] There appears to be a bug in Base-1.4.5
>
> Hi Dustin,
>
> I'd like all alerts to be "rolled up" into one line like BASE does.  I'd like to be able to have the "unique IP links" per SID view like BASE has.  I didn't see that last time I looked at Snorby, maybe that is there and I missed it?
>
> As far as StreamDB/OpenFPC, can you have both of them at the same time?  The lookup API sounds interesting... I'll have to look into that again.  HIPS is SEP, it's a MSSQL database... (there is a possibility to use Symantec System Center and hook into that.)
>
> No, I'd rather use your product - but it didn't fit my requirements at the time, if it does now, that's great!  As far as vulns in BASE, I'm sure there are, but I have it very locked down... I don't let just any computer connect to it - which in my case is an adequate compensating control (among others.)



