[Snort-users] Pigsty - A Barnyard2 Replacement by Threat Stack

Dustin Webber dustin.webber at ...11827...
Mon Jun 3 19:22:33 EDT 2013


No, they can read from the same files without conflict.

*Dustin Willis Webber*


On Mon, Jun 3, 2013 at 6:56 PM, Jeremy Hoel <jthoel at ...11827...> wrote:

> And just to clarify a bit.. if someone did want to run BY2 and pigsty,
> the snort would need to output two unified2 files, so each could
> process their own without interfering with each other?
>
>
>
>
>
> On Mon, Jun 3, 2013 at 10:31 PM, Dustin Webber <dustin.webber at ...11827...>
> wrote:
> > James,
> >
> > Good question - we are currently working on a Sguil plugin. You will just
> > need to replace barnyard 2. We will also be releasing static versions of
> > pigsty so you don't have to install nodesjs or any dependencies for that
> > matter. We will not make this the standard for Snorby until all plugins
> are
> > completed. We open sourced it early to get people interested in writing
> > plugins for it and porting over the output methods people are interested
> in.
> >
> > I'll post here again when the move to Pigsty and all output plugins are
> 100%
> > completed.
> >
> > Dustin
> >
> > Dustin Willis Webber
> >
> >
> > On Mon, Jun 3, 2013 at 6:19 PM, James Lay <jlay at ...13475...>
> wrote:
> >>
> >> On 2013-06-03 14:59, Dustin Webber wrote:
> >> > Hey guys,
> >> >
> >> > We wrote a Barnyard2 replacement we wanted to open source.    Its
> >> > designed to be very extensible with a very simple plugin
> >> > architecture based around Node.jss package management.  Please
> >> > check it out here: https://github.com/threatstack/pigsty [1].
> >> >
> >> > Its currently in beta but wed love contributions and help test and
> >> > write plugins.
> >> >
> >> > Here is an example application we wrote using the mysql and web
> >> > socket
> >> > output plugins. http://snorby.org:3009/ [2]
> >> >
> >> > Its important to note that we will be moving Snorby to this spooler
> >> > in
> >> > the future and will no longer support barnyard/2. We plan to open
> >> > source a few parts of our Threat Stack Incident Response System and
> >> > unfortunately making barnyard/2 work with our communication protocols
> >> > and backend is not possible.
> >> >
> >> > Either way great things coming to the Snorby project and Im excited
> >> > to
> >> > see what the community builds with Pigsty.
> >> >
> >> > Happy NSM hacking!
> >> >
> >> >  DUSTIN WILLIS WEBBER
> >> >
> >> > CEO and Co-Founder at Threat Stack, Inc
> >>
> >>
> >> "Its important to note that we will be moving Snorby to this spooler in
> >> the future and will no longer support barnyard/2."
> >>
> >> So say if someone was running sguil in tandem with Snorby....they're
> >> going to have to run by2 AND this?
> >>
> >> James
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> How ServiceNow helps IT people transform IT departments:
> >> 1. A cloud service to automate IT design, transition and operations
> >> 2. Dashboards that offer high-level views of enterprise services
> >> 3. A single system of record for all IT processes
> >> http://p.sf.net/sfu/servicenow-d2d-j
> >> _______________________________________________
> >> Snort-users mailing list
> >> Snort-users at lists.sourceforge.net
> >> Go to this URL to change user options or unsubscribe:
> >> https://lists.sourceforge.net/lists/listinfo/snort-users
> >> Snort-users list archive:
> >> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >>
> >> Please visit http://blog.snort.org to stay current on all the latest
> Snort
> >> news!
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > How ServiceNow helps IT people transform IT departments:
> > 1. A cloud service to automate IT design, transition and operations
> > 2. Dashboards that offer high-level views of enterprise services
> > 3. A single system of record for all IT processes
> > http://p.sf.net/sfu/servicenow-d2d-j
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> Snort
> > news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130603/3a10aaee/attachment.html>


More information about the Snort-users mailing list