[Snort-users] Pigsty - A Barnyard2 Replacement by Threat Stack

Jeremy Hoel jthoel at ...11827...
Mon Jun 3 18:56:20 EDT 2013


And just to clarify a bit.. if someone did want to run BY2 and pigsty,
the snort would need to output two unified2 files, so each could
process their own without interfering with each other?





On Mon, Jun 3, 2013 at 10:31 PM, Dustin Webber <dustin.webber at ...11827...> wrote:
> James,
>
> Good question - we are currently working on a Sguil plugin. You will just
> need to replace barnyard 2. We will also be releasing static versions of
> pigsty so you don't have to install nodesjs or any dependencies for that
> matter. We will not make this the standard for Snorby until all plugins are
> completed. We open sourced it early to get people interested in writing
> plugins for it and porting over the output methods people are interested in.
>
> I'll post here again when the move to Pigsty and all output plugins are 100%
> completed.
>
> Dustin
>
> Dustin Willis Webber
>
>
> On Mon, Jun 3, 2013 at 6:19 PM, James Lay <jlay at ...13475...> wrote:
>>
>> On 2013-06-03 14:59, Dustin Webber wrote:
>> > Hey guys,
>> >
>> > We wrote a Barnyard2 replacement we wanted to open source.    Its
>> > designed to be very extensible with a very simple plugin
>> > architecture based around Node.jss package management.  Please
>> > check it out here: https://github.com/threatstack/pigsty [1].
>> >
>> > Its currently in beta but wed love contributions and help test and
>> > write plugins.
>> >
>> > Here is an example application we wrote using the mysql and web
>> > socket
>> > output plugins. http://snorby.org:3009/ [2]
>> >
>> > Its important to note that we will be moving Snorby to this spooler
>> > in
>> > the future and will no longer support barnyard/2. We plan to open
>> > source a few parts of our Threat Stack Incident Response System and
>> > unfortunately making barnyard/2 work with our communication protocols
>> > and backend is not possible.
>> >
>> > Either way great things coming to the Snorby project and Im excited
>> > to
>> > see what the community builds with Pigsty.
>> >
>> > Happy NSM hacking!
>> >
>> >  DUSTIN WILLIS WEBBER
>> >
>> > CEO and Co-Founder at Threat Stack, Inc
>>
>>
>> "Its important to note that we will be moving Snorby to this spooler in
>> the future and will no longer support barnyard/2."
>>
>> So say if someone was running sguil in tandem with Snorby....they're
>> going to have to run by2 AND this?
>>
>> James
>>
>>
>> ------------------------------------------------------------------------------
>> How ServiceNow helps IT people transform IT departments:
>> 1. A cloud service to automate IT design, transition and operations
>> 2. Dashboards that offer high-level views of enterprise services
>> 3. A single system of record for all IT processes
>> http://p.sf.net/sfu/servicenow-d2d-j
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest Snort
>> news!
>
>
>
> ------------------------------------------------------------------------------
> How ServiceNow helps IT people transform IT departments:
> 1. A cloud service to automate IT design, transition and operations
> 2. Dashboards that offer high-level views of enterprise services
> 3. A single system of record for all IT processes
> http://p.sf.net/sfu/servicenow-d2d-j
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!




More information about the Snort-users mailing list