[Snort-users] snort installation and usage
wkitty42 at ...14940...
Sat Jan 18 19:57:48 EST 2014
On 1/18/2014 1:48 PM, Adrian Sevcenco wrote:
> This confirmation is enough :) Thanks!
you are welcome ;)
> OTOH, how do you use snort? is there a GUI of some kind that can be an
> direct visual interface for the snort data? (without the intermediate
no... our operation reads snort's default ALERT file directly and issues
automatic firewall blocking commands based on our app's configuration and the
alert's level of severity... as with any other security setup, this requires
tuning for one's network and its traffic... in our setup, the only human
interaction is to white list IPs or rules by GID/SID or whole entire GID groups...
for our users that have the time to perform the necessary tuning, this works
great... for those that don't have the time to tune or don't have the time to
learn what's needed to know to decide what method to use to tune (eg: you can
white list by IP, SID or GID and each can be done in one of several places which
give different benefits or drawbacks), it can be a bit of a hassle and lead to
quite some complaints due to a lack of understanding...
our app is not something that you set and forget... it requires human tuning for
the first "while" of use... "while" may be days or months... it is generally not
something that a support service can offer unless they can get intimate with
their clients' networks and stay intimate with that network until the tuning is
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
More information about the Snort-users