[Snort-users] Barnyard2 alternatives?

Doug Burks doug.burks at ...11827...
Tue Aug 4 09:27:07 EDT 2015


On Tue, Aug 4, 2015 at 8:53 AM, Richard Monk <rmonk at ...4096...> wrote:
> We took a look at Sguil/Squert and were unimpressed with the feature set (in
> fact, we're slowly getting rid of snorby for the same reason).  I'll take a look
> again.
>
> Right now, we like having the packet data that comes with "native" DB storage,
> although we're spinning up full packet capture/Bro to offset needing that as well.

The Sguil database stores the same alert payload data that the Snorby
database does.  In addition, Sguil makes it very easy to pivot to full
packet capture.  You can also easily add a hook to Sguil/Squert to
search for relevant Bro logs.

-- 
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com




More information about the Snort-users mailing list