[Snort-users] Barnyard2 and Snortsam for 2.9.7.0

Ian snort_list at ...16912...
Mon Dec 15 07:45:42 EST 2014


On 12/12/2014 16:28, Shirkdog wrote:
> Good ole' SnortSam. It was a great way to create custom actions and
> update your firewall config once a specific alert triggered.
> 
> With DAQ and the ability to block in an IPS fashion, I am not sure if
> anyone is still using it.
> 
> ---
> Michael Shirk

Hi,

We use snortsam extensively here.  Its useful to send out blocks to
other networks that have not yet seen attacks.

We run it as a daemon though, not compiled into snort.

Regards

Ian
-- 

> 
> 
> On Fri, Dec 12, 2014 at 10:53 AM, Sec_Aficionado
> <secaficionado at ...11827...> wrote:
>> Hello there,
>>
>> I was looking through Barnyard2's barnyard2.conf file and noticed the section under
>> # alert fw_sam: allow blocking of IP's through remote services
>>
>> However, I can't find a Snortsam version for snort later than 2.9.5.3
>>
>> Does anyone here know if the project changed name or moved somewhere else for newer snort versions?
>>
>> As usual, thanks in advance!
>>
>> Sent from my mobile
>> Any weird stuff in the message above is autocorrect's fault
>> ------------------------------------------------------------------------------





More information about the Snort-users mailing list