[Snort-users] Barnyard2 alternatives?
doug.burks at ...11827...
Tue Aug 4 09:27:07 EDT 2015
On Tue, Aug 4, 2015 at 8:53 AM, Richard Monk <rmonk at ...4096...> wrote:
> We took a look at Sguil/Squert and were unimpressed with the feature set (in
> fact, we're slowly getting rid of Snorby for the same reason). I'll take a look
> Right now, we like having the packet data that comes with "native" DB storage,
> although we're spinning up full packet capture/Bro to offset needing that as well.
The Sguil database stores the same alert payload data that the Snorby
database does. In addition, Sguil makes it very easy to pivot to full
packet capture. You can also easily add a hook to Sguil/Squert to
search for relevant Bro logs.
Need Security Onion Training or Commercial Support?
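The pivot Doug describes, from an alert's endpoints and timestamp to the Bro connection records that cover the same hosts at the same time, as an added example that is not part of the original thread and not Sguil's or Squert's own code: a Python script that parses Bro's tab-separated conn.log (column names taken from its #fields header) and returns the connections between the alert's source and destination within a time window, closest in time first. The conn.log lines, the hosts and the alert are constructed for the example; a Sguil/Squert hook would call something like this with the real alert's fields.

```python
"""Pivot from a NIDS alert (src, dst, timestamp) to the Bro conn.log
records covering the same hosts around the same time."""


def parse_conn_log(text):
    """Parse Bro's tab-separated conn.log, using the #fields header for
    column names; '-' (unset) values are kept as strings."""
    fields = None
    rows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue
        if fields is None:
            raise ValueError("conn.log has no #fields header before data")
        values = line.split("\t")
        if len(values) != len(fields):
            continue  # skip a truncated or partially written line
        row = dict(zip(fields, values))
        row["ts"] = float(row["ts"])
        rows.append(row)
    return rows


def find_related(rows, src, dst, alert_ts, window=60.0):
    """Rows whose orig/resp hosts are the alert's src/dst (either direction)
    and whose start time is within `window` seconds of the alert."""
    hits = []
    for row in rows:
        pair = (row["id.orig_h"], row["id.resp_h"])
        if pair not in ((src, dst), (dst, src)):
            continue
        if abs(row["ts"] - alert_ts) > window:
            continue
        hits.append(row)
    hits.sort(key=lambda r: abs(r["ts"] - alert_ts))
    return hits


# Constructed sample: a conn.log with a subset of Bro's usual columns,
# laid out the way Bro writes them (header lines, then tab-separated rows).
FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
          "proto", "service", "duration", "orig_bytes", "resp_bytes",
          "conn_state"]
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#path\tconn",
    "#fields\t" + "\t".join(FIELDS),
    "\t".join(["1438693380.123456", "CXWv6p3arKYeMETxOg", "192.168.1.10",
               "49152", "203.0.113.5", "80", "tcp", "http", "0.5", "300",
               "1200", "SF"]),
    "\t".join(["1438690000.000000", "CjhGID4nQcgTWjvg4c", "192.168.1.10",
               "49100", "203.0.113.5", "80", "tcp", "http", "0.2", "100",
               "400", "SF"]),
    "\t".join(["1438693381.000000", "CtPZjS20MLrsMUOJi2", "192.168.1.22",
               "53211", "198.51.100.9", "443", "tcp", "ssl", "-", "-", "-",
               "S0"]),
    "#close\t2015-08-04-09-30-00",
])

# Constructed alert, the fields a Sguil hook would receive from the
# Snort event: source host, destination host and event timestamp.
ALERT = {"src": "192.168.1.10", "dst": "203.0.113.5", "ts": 1438693380.5}


def related_uids(conn_log=SAMPLE_CONN_LOG, alert=ALERT, window=60.0):
    """Bro connection uids to pivot on for the alert (the hook's output)."""
    rows = parse_conn_log(conn_log)
    hits = find_related(rows, alert["src"], alert["dst"], alert["ts"], window)
    return [r["uid"] for r in hits]


if __name__ == "__main__":
    for uid in related_uids():
        print(uid)
```

The returned uids are what to search for next in Bro's http.log, ssl.log, files.log and so on, since Bro keys every protocol log on the same connection uid; the window keeps an older session between the same hosts (the second constructed row) out of the result unless you widen it deliberately.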