[Snort-users] There appears to be a bug in Base-1.4.5
jthoel at ...11827...
Tue Oct 9 19:21:55 EDT 2012
There is an option for this.. it's just not a sticky option. It's in
the events tab, the upper right hand button is a config and you can
check it, but it reverts back. This is one of a few things I need to
write a bug/feature request for..
On Tue, Oct 9, 2012 at 5:16 PM, Jefferson, Shawn
<Shawn.Jefferson at ...14448...> wrote:
> "I'd like all alerts to be "rolled up" into one line like BASE does"
> Sorry I meant, all unique alerts (ie. GID/SID pair).
> -----Original Message-----
> From: Jefferson, Shawn [mailto:Shawn.Jefferson at ...14448...]
> Sent: Tuesday, October 09, 2012 4:11 PM
> To: Dustin Webber
> Cc: Snort-Users Users
> Subject: Re: [Snort-users] There appears to be a bug in Base-1.4.5
> Hi Dustin,
> I'd like all alerts to be "rolled up" into one line like BASE does. I'd like to be able to have the "unique IP links" per SID view like BASE has. I didn't see that last time I looked at snorby, maybe that is there and I missed it?
> As far as StreamDB/OpenFPC, can you have both of them at the same time? The lookup API sounds interesting... I'll have to look into that again. HIPS is SEP, it's a MSSQL database... (there is a possibility to use Symantec System Center and hook into that.)
> No, I'd rather use your product-but it didn't fit my requirements at the time, if it does now, that's great! As far as vulns in BASE, I'm sure there is, but I have it very locked down... I don't let just any computer connect to it-which in my case is an adequate compensating control (among others.)
> to stay current on all the latest Snort news!
> Don't let slow site performance ruin your business. Deploy New Relic APM
> Deploy New Relic app performance management and know exactly
> what is happening inside your Ruby, Python, PHP, Java, and .NET app
> Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
More information about the Snort-users