[Snort-users] Snorby usage
doug.burks at ...11827...
Wed Nov 5 17:26:26 EST 2014
On Wed, Nov 5, 2014 at 4:51 PM, Pradeep Mocherla <saipradeep7 at ...11827...> wrote:
> Hi, I'm new to snorby. I'm doing a project where I need to create 3 machines
> to be installed in a virtual box. One for attacking, one more for observing
> and other one as a victim. Now I'm using security onion for observing
> attacks, Kali Linux to attack and again Linux as a victim. Now I have a few
> doubts regarding usage of Snorby in Security Onion.
> How to set the IDS to monitor the victim IP address that is Linux address
> i.e., where do I need to change the setting.
"If you’re monitoring IP address ranges other than private RFC1918
address space (192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12), you should
update your sensor configuration with the correct IP ranges. Sensor
configuration files can be found in /etc/nsm/HOSTNAME-INTERFACE/.
Modify either snort.conf or suricata.yaml (depending on which IDS
engine you chose during sosetup) and update the HOME_NET variable."
> Second one, how to change the rules to snorby or view the rules in snorby??
If you have further questions or problems relating to Security Onion,
please use the security-onion Google Group:
Need Security Onion Training or Commercial Support?
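
An added example, not part of the original message or of Security Onion's own tooling: a Python check that reads the HOME_NET line from snort.conf or suricata.yaml text and reports whether a given address, such as the victim VM's, is covered. The sample configs and addresses are constructed, and only a flat list with optional `!` exclusions is assumed.

```python
import ipaddress
import re

# Constructed sample configs (illustrative, not copied from a real sensor).
SNORT_CONF = """\
# Set up the network addresses you are protecting
ipvar HOME_NET [192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]
ipvar EXTERNAL_NET any
"""

SURICATA_YAML = """\
vars:
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
    EXTERNAL_NET: "!$HOME_NET"
"""

# "ipvar HOME_NET <v>" / "var HOME_NET <v>" (snort.conf) or "HOME_NET: <v>"
# (suricata.yaml). Lines starting with '#' do not match.
_HOME_NET = re.compile(
    r"^[ \t]*(?:(?:ip)?var[ \t]+HOME_NET[ \t]+|HOME_NET:[ \t]*)(.+?)[ \t]*$",
    re.M,
)

def parse_home_net(config_text):
    """Return (included, excluded) lists of networks from the HOME_NET line."""
    m = _HOME_NET.search(config_text)
    if m is None:
        raise ValueError("no HOME_NET definition found")
    value = m.group(1).strip("\"'").strip("[]")
    included, excluded = [], []
    for item in (part.strip() for part in value.split(",")):
        if not item:
            continue
        negated = item.startswith("!")
        item = item.lstrip("!")
        if item == "any":
            item = "0.0.0.0/0"  # IPv4 only in this sketch
        net = ipaddress.ip_network(item, strict=False)
        (excluded if negated else included).append(net)
    return included, excluded

def in_home_net(ip, config_text):
    """True if ip is inside HOME_NET and not in a '!' exclusion."""
    addr = ipaddress.ip_address(ip)
    included, excluded = parse_home_net(config_text)
    return (any(addr in n for n in included)
            and not any(addr in n for n in excluded))

if __name__ == "__main__":
    for victim in ("192.168.56.101", "203.0.113.10"):  # constructed addresses
        print(victim, "in HOME_NET:", in_home_net(victim, SNORT_CONF))
```

A False result for the victim's address is the case the quoted documentation describes: HOME_NET needs to be updated in the sensor's configuration file.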