[Snort-users] Fwd: [barnyard2-users] Can get barnyard2 to read from Snort log but won't write to alert file
mulhern at ...11827...
Mon Jul 22 21:22:36 EDT 2013
Well, that all makes sense. This tool that you mention below is in-house, I
take it? (I'm presuming that otherwise you'd have mentioned it by name.)
On Mon, Jul 22, 2013 at 5:54 PM, waldo kitty <wkitty42 at ...14940...>wrote:
> On 7/22/2013 17:28, mulhern wrote:
> > plus, i do not run barnyard ;) O:)
> > Oh, how do you use Snort then? I was getting the impression that the
> > way was to plunk Snort output to unified for speed and then have barnyard
> > decode what it's got.
>
> what do you mean? snort runs on its own... nothing else is needed... all
> other tools are for correlating the alerts with the traffic and other
> [activity] on the network so that blocks can be initiated or dropped,
> infestations can be detected and possibly blocked while letting the
> infested machine's owner [know] about the infestation, and other similar
> tasks...
>
> in my case, i use an auto-response tool that reacts to snort's alerts...
> [the] tool initiates and manages automatic blocking of IPs causing alerts
> to be [generated] by snort... my users are taught that if they cannot get
> to some site or there is a problem downloading files, they are to ask the
> security team to check and see if the site was blocked... at that point,
> it is up to the security team and management to decide if the block is
> proper or should be dismissed... [depending] on the situation, the user
> may even receive a reprimand for trying to go to a site that is not
> allowed by network policy...
>
> aside from all of that, we use the raw pcaps and the information from the
> alert... we don't really need anything else at this time... no fancy
> graphs, no fancy charts and no reports... management doesn't have time
> for all that muckity-muck and we're not going to give it to them anyway O:)
> NOTE: No off-list assistance is given without prior approval.
> Please keep mailing list traffic on the list unless
> private contact is specifically requested and granted.
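The auto-response workflow described in the quoted reply (react to Snort's alerts, block the offending IP automatically, leave the final decision to the security team) as an added example in Python. This is not the poster's in-house tool and not part of Snort or barnyard2. It assumes Snort is writing one-line alert_fast records; the sample alert lines are constructed, the priority/threshold/TTL values are illustrative, and the iptables commands are only rendered as strings, never executed.

```python
"""Added example: a small Snort alert_fast auto-responder (not the poster's
tool, not Snort code).  Assumed: alert_fast line format, constructed sample
alerts, illustrative thresholds, firewall rules rendered but not executed."""
import ipaddress
import re
from collections import defaultdict, deque, namedtuple

# One alert_fast line (assumed format), for example:
#   07/22-17:28:01.000001  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check
#   returned root [**] [Classification: ...] [Priority: 1] {TCP} A:p -> B:q
# Ports are optional because ICMP alerts carry none.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)

Alert = namedtuple("Alert", "gid sid msg priority proto src dst")


def parse_alert(line):
    """Return an Alert for a well-formed alert_fast line, else None."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    return Alert(int(m["gid"]), int(m["sid"]), m["msg"], int(m["prio"]),
                 m["proto"], m["src"], m["dst"])


class AutoBlocker:
    """Block a source on one alert of priority <= block_priority, or on
    repeat_threshold alerts inside `window` seconds.  Blocks expire after
    block_ttl seconds so a false positive is bounded.  Allowlisted networks
    (own hosts, gateway, resolvers) are never blocked: source addresses can
    be spoofed, and an auto-blocker must not be usable to cut those off."""

    def __init__(self, allowlist, block_priority=1, repeat_threshold=3,
                 window=60.0, block_ttl=3600.0):
        self.allow = [ipaddress.ip_network(n) for n in allowlist]
        self.block_priority = block_priority
        self.repeat_threshold = repeat_threshold
        self.window = window
        self.block_ttl = block_ttl
        self.blocked = {}                  # src ip -> expiry time (seconds)
        self.recent = defaultdict(deque)   # src ip -> alert times in window

    def _allowlisted(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.allow)

    def expire(self, now):
        """Drop blocks whose TTL has passed; return the released IPs."""
        done = sorted(ip for ip, until in self.blocked.items() if until <= now)
        for ip in done:
            del self.blocked[ip]
        return done

    def process(self, line, now):
        """Feed one alert line at time `now`; return (action, src, reason)."""
        alert = parse_alert(line)
        if alert is None:
            return None
        src = alert.src
        if self._allowlisted(src):
            return ("ignore", src, "allowlisted")
        if src in self.blocked:
            self.blocked[src] = now + self.block_ttl   # keep a noisy host out
            return ("already_blocked", src, "ttl refreshed")
        times = self.recent[src]
        times.append(now)
        while times and now - times[0] > self.window:
            times.popleft()
        if alert.priority <= self.block_priority:
            reason = f"priority {alert.priority} alert {alert.gid}:{alert.sid}"
        elif len(times) >= self.repeat_threshold:
            reason = f"{len(times)} alerts within {self.window:.0f}s"
        else:
            return ("noted", src, f"{len(times)}/{self.repeat_threshold} in window")
        self.blocked[src] = now + self.block_ttl
        return ("block", src, reason)

    def firewall_commands(self):
        """Render the block table as iptables rules (strings only, not run)."""
        return [f"iptables -I FORWARD -s {ip} -j DROP" for ip in sorted(self.blocked)]


# Constructed sample alerts: (seconds since start, alert_fast line).
SAMPLE_EVENTS = [
    (0.0, "07/22-17:28:01.000001  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 1] {TCP} 198.51.100.7:80 -> 10.0.0.5:51234"),
    (5.0, "07/22-17:28:06.000001  [**] [1:1000001:1] LOCAL portscan probe [**] [Classification: Attempted Information Leak] [Priority: 3] {TCP} 203.0.113.9:44321 -> 10.0.0.20:22"),
    (10.0, "07/22-17:28:11.000001  [**] [1:1000001:1] LOCAL portscan probe [**] [Classification: Attempted Information Leak] [Priority: 3] {TCP} 203.0.113.9:44322 -> 10.0.0.20:23"),
    (15.0, "07/22-17:28:16.000001  [**] [1:1000001:1] LOCAL portscan probe [**] [Classification: Attempted Information Leak] [Priority: 3] {TCP} 203.0.113.9:44323 -> 10.0.0.20:80"),
    (20.0, "07/22-17:28:21.000001  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 1] {TCP} 10.0.0.5:8080 -> 10.0.0.6:40000"),
    (25.0, "07/22-17:28:26.000001  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.44 -> 10.0.0.1"),
]


def replay(events, allowlist=("10.0.0.0/8",)):
    """Run events through a fresh AutoBlocker; return (actions, blocker)."""
    blocker = AutoBlocker(allowlist)
    return [blocker.process(line, t) for t, line in events], blocker


if __name__ == "__main__":
    actions, blocker = replay(SAMPLE_EVENTS)
    print("\n".join(map(str, actions)))
    print("\n".join(blocker.firewall_commands()))
```

In the replay, the priority-1 alert from 198.51.100.7 is blocked on sight, 203.0.113.9 is blocked on its third low-priority alert inside the window, and the priority-1 alert whose source is the internal host 10.0.0.5 is ignored because it is allowlisted. The TTL and the allowlist are the two controls that keep an automatic blocker from becoming a self-inflicted denial of service; in a real deployment the rendered rules would be applied by a privileged helper, and the block table is what the security team reviews when a user reports a site they cannot reach.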