[Snort-users] Snort distributions

Jon M megajune at ...11827...
Wed Mar 6 09:33:05 EST 2013


We've recently started using Security Onion. Three hand-me-down
servers as sensors and $900 Intel 10G cards. We can run ~5,500 rules
with an average of 2.5G per sensor with acceptable packet loss of less
than 5% on average.


On Wed, Mar 6, 2013 at 9:02 AM, Doug Burks <doug.burks at ...11827...> wrote:
> Hi Alejandro,
>
> Yes, you can configure Security Onion to send alerts via email:
> https://code.google.com/p/security-onion/wiki/Email
>
> If you have further questions about Security Onion, please feel free
> to use our mailing list:
> https://code.google.com/p/security-onion/wiki/MailingLists
>
> Thanks,
> Doug
>
> On Wed, Mar 6, 2013 at 8:53 AM, Alejandro Cabrera Obed
> <aco1967 at ...11827...> wrote:
>> Ok, thank you... now I'm looking at the EasyIDS distribution, but it's from
>> 2009, I've checked.
>>
>> The last question: does SecurityOnion allow real-time alerting by mail?
>> Because it's very important that alerts come to me, rather than having to
>> access a web page like BASE to check alerts once a day.
>>
>> Regards,
>>
>> Alejandro
>>
>> 2013/3/6 Jaime Nebrera <jnebrera at ...13472...>
>>>
>>>   Hi Alejandro,
>>>
>>>   If you want everything bundled together, SecurityOnion is a great option. If
>>> you want just event viewing, Snorby. If you want to have more control, rule
>>> and sensor management but very controlled sensor systems, redBorder is your
>>> choice. If you don't mind using a cloud service provider, use Snorby Cloud.
>>>
>>>
>>> On 05/03/13 21:30, Alejandro Cabrera Obed wrote:
>>>
>>> Dear, what is the best recommended Snort distribution, in order to
>>> download the ISO image and install/configure a Snort IDS plus add-ons in an
>>> easy way?
>>>
>>> I always install Snort package by package on Debian, but this time I
>>> need an easy installation method to use in different companies, fast and
>>> easy.
>>>
>>> Thanks a lot,
>>>
>>> Alejandro
>>>
>>>
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>
>>> Please visit http://blog.snort.org to stay current on all the latest Snort
>>> news!
>>>
>>>
>>>
>>> --
>>> Jaime Nebrera - jnebrera at ...13472...
>>> Consultor TI - ENEO Tecnologia SL
>>> C/ Manufactura 2, Edificio Euro, Oficina 3N
>>> Mairena del Aljarafe - 41927 - Sevilla
>>> Telf.- 955 60 11 60 / 619 04 55 18
>>>
>>
>
>
>
> --
> Doug Burks
> http://securityonion.blogspot.com