[Snort-users] Defense center

Jeremy Hoel jthoel at ...11827...
Tue Feb 25 11:25:10 EST 2014


SourceFire used to have an agent that you could run on snort boxes to feed
to DC.  I don't know if they still do now. It was limited in scope, only
taking snort events but not a way to manage a single point for the rules.
This was 2 years ago that we had talked to a sales guy.  If they don't they
will probably recommend the virtual SF.

For what its worth we have 11 Sourcefire devices and 50+ snort sensors and
we do no do what you are asking about.  At the time the cost for the agents
plus the cost for the larger Defense Center (something that you need to
remember will probably need to be increased too) made it very expensive.
We instead use snorby for snort stuff and then feed both sets of alert into
Splunk for reporting and quick research.

I would reach out to a SourceFire sales person for updated info.
On Feb 25, 2014 8:52 AM, "SnortFan" <SnortFan at ...131...> wrote:

> Hi All,
>     Does anyone know if it's possible to feed snort alerts into source
> fire's defense center? We're looking into adding in a source fire product
> and thus having a mixed environment.
>
> Thanks,
> Ed
>
> Sent from a mobile device.
>
> ------------------------------------------------------------------------------
> Flow-based real-time traffic analytics software. Cisco certified tool.
> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
> Customize your own dashboards, set traffic alerts and generate reports.
> Network behavioral analysis & security monitoring. All-in-one tool.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140225/02812dc7/attachment.html>


More information about the Snort-users mailing list