[Snort-users] Pigsty - A Barnyard2 Replacement by Threat Stack

Steven McLaughlin steve at ...16368...
Tue Jun 4 04:34:30 EDT 2013


'No, they can read from the same files without conflict.'

Q: What if by2 is set to archive processed files? Both would be at separate
bookmark locations, would they not? Meaning that if by2, for example, archived
a .u2 after processing and pigsty was a few ticks behind, it could miss a
few?




On 4 June 2013 09:22, Dustin Webber <dustin.webber at ...11827...> wrote:

> No, they can read from the same files without conflict.
>
> *Dustin Willis Webber*
>
>
> On Mon, Jun 3, 2013 at 6:56 PM, Jeremy Hoel <jthoel at ...11827...> wrote:
>
>> And just to clarify a bit.. if someone did want to run BY2 and pigsty,
>> the snort would need to output two unified2 files, so each could
>> process their own without interfering with each other?
>>
>>
>>
>>
>>
>> On Mon, Jun 3, 2013 at 10:31 PM, Dustin Webber <dustin.webber at ...11827...>
>> wrote:
>> > James,
>> >
>> > Good question - we are currently working on a Sguil plugin. You will just
>> > need to replace barnyard 2. We will also be releasing static versions of
>> > pigsty so you don't have to install Node.js or any dependencies for that
>> > matter. We will not make this the standard for Snorby until all plugins are
>> > completed. We open sourced it early to get people interested in writing
>> > plugins for it and porting over the output methods people are interested in.
>> >
>> > I'll post here again when the move to Pigsty and all output plugins are 100%
>> > completed.
>> >
>> > Dustin
>> >
>> > Dustin Willis Webber
>> >
>> >
>> > On Mon, Jun 3, 2013 at 6:19 PM, James Lay <jlay at ...13475...> wrote:
>> >>
>> >> On 2013-06-03 14:59, Dustin Webber wrote:
>> >> > Hey guys,
>> >> >
>> >> > We wrote a Barnyard2 replacement we wanted to open source. It's
>> >> > designed to be very extensible with a very simple plugin
>> >> > architecture based around Node.js's package management. Please
>> >> > check it out here: https://github.com/threatstack/pigsty [1].
>> >> >
>> >> > It's currently in beta but we'd love contributions and help test and
>> >> > write plugins.
>> >> >
>> >> > Here is an example application we wrote using the mysql and web
>> >> > socket output plugins. http://snorby.org:3009/ [2]
>> >> >
>> >> > It's important to note that we will be moving Snorby to this spooler
>> >> > in the future and will no longer support barnyard/2. We plan to open
>> >> > source a few parts of our Threat Stack Incident Response System and
>> >> > unfortunately making barnyard/2 work with our communication protocols
>> >> > and backend is not possible.
>> >> >
>> >> > Either way great things coming to the Snorby project and I'm excited
>> >> > to see what the community builds with Pigsty.
>> >> >
>> >> > Happy NSM hacking!
>> >> >
>> >> >  DUSTIN WILLIS WEBBER
>> >> >
>> >> > CEO and Co-Founder at Threat Stack, Inc
>> >>
>> >>
>> >> "It's important to note that we will be moving Snorby to this spooler in
>> >> the future and will no longer support barnyard/2."
>> >>
>> >> So say if someone was running sguil in tandem with Snorby....they're
>> >> going to have to run by2 AND this?
>> >>
>> >> James
>> >>
>> >>
>> >>
>> ------------------------------------------------------------------------------
>> >> How ServiceNow helps IT people transform IT departments:
>> >> 1. A cloud service to automate IT design, transition and operations
>> >> 2. Dashboards that offer high-level views of enterprise services
>> >> 3. A single system of record for all IT processes
>> >> http://p.sf.net/sfu/servicenow-d2d-j
>> >> _______________________________________________
>> >> Snort-users mailing list
>> >> Snort-users at lists.sourceforge.net
>> >> Go to this URL to change user options or unsubscribe:
>> >> https://lists.sourceforge.net/lists/listinfo/snort-users
>> >> Snort-users list archive:
>> >> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> >>
>> >> Please visit http://blog.snort.org to stay current on all the latest
>> Snort
>> >> news!
>> >
>>
>



-- 
Best Regards,
Steven McLaughlin
steve at ...16368...
0459 351 266