[Snort-users] Snort production setup design

Davison, Charles Robert cdaviso1 at ...17214...
Thu Dec 17 09:52:43 EST 2015

If you want to massively scale and don't want performance issues, I would just install Snort on some Linux boxes in AWS and use a SIEM like LogRhythm to manage alerting and notifications. If you want to know more, just message me; you can do some cool stuff like build your own blacklists and auto-remediate malicious activity.

From: sandeep dubey [mailto:sandeep.sanash at ...11827...]
Sent: Thursday, December 17, 2015 7:09 AM
To: Rodgers, Anthony (DTMB) <RodgersA1 at ...17120...>
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort production setup design

Thanks, Rodgers, for the reply.

I am running my production environment on the public cloud Amazon Web Services (AWS), where I don't have control over installing ISO/IMG images, etc.

Is SecurityOnion equivalent to OSSIM?

On Thu, Dec 17, 2015 at 7:03 PM, Rodgers, Anthony (DTMB) <RodgersA1 at ...17120...> wrote:
Can’t recommend SecurityOnion highly enough.

Anthony Rodgers
Security Analyst
Michigan Security Operations Center (MiSOC)
DTMB, Michigan Cyber Security

From: sandeep dubey [mailto:sandeep.sanash at ...11827...]
Sent: Thursday, December 17, 2015 04:53
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort production setup design


Is it possible to install Snort in IDS mode on multiple servers (AWS EC2 instances) and have a central server where analysis can be done through a GUI and alerts/notifications can be managed, like OSSEC?

If yes, what are the tools to use, and how do I move ahead?
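The design Charles sketches above (Snort sensors on EC2, alerts shipped to one place, home-built blacklists, automatic remediation) and Sandeep's original question about central analysis of several sensors, as an added example that is not from any poster on this thread or from the Snort project. It assumes each sensor runs `output alert_syslog` and forwards to one collector, so every alert arrives prefixed with the sensor's hostname; the sample lines, local SIDs, sensor names, the 10/8-172.16/12-192.168/16 "never block" ranges and the two-sensor threshold are all constructed for the example. It parses the collected lines, correlates source addresses across sensors, and emits a file in the format Snort's reputation preprocessor reads (one address per line, `#` comments), blocking only sources seen by more than one sensor and never an address inside your own ranges.

```python
"""Correlate Snort alerts collected from several EC2 sensors on one syslog
collector and derive a reputation-preprocessor blacklist from them.

Added example for this thread; not code from the Snort project.
Assumed input: syslog lines written by Snort's `output alert_syslog` on
each sensor and forwarded to a central host (sample lines are constructed).
"""
import ipaddress
import re
from collections import defaultdict

# syslog prefix + Snort's alert_syslog layout:
#   <ts> <sensor> snort[pid]: [gid:sid:rev] msg [Classification: ...] [Priority: n] {PROTO} src[:port] -> dst[:port]
# Classification is optional (rules without classtype omit it); ICMP has no ports.
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<sensor>\S+) snort\[\d+\]: "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<pri>\d+)\] "
    r"\{(?P<proto>[A-Z]+)\} (?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))? -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?$"
)

# Constructed sample: three sensors, local SIDs (1000000+), one junk line.
SAMPLE_LOG = """\
Dec 17 09:40:01 sensor-a snort[2201]: [1:1000001:1] LOCAL id check returned root [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.9:4444 -> 10.0.1.20:51234
Dec 17 09:40:07 sensor-b snort[1187]: [1:1000001:1] LOCAL id check returned root [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.9:4444 -> 10.0.2.31:51980
Dec 17 09:41:12 sensor-a snort[2201]: [1:1000002:1] LOCAL ICMP ping sweep [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.77 -> 10.0.1.20
Dec 17 09:41:15 sensor-c snort[3310]: [1:1000002:1] LOCAL ICMP ping sweep [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.77 -> 10.0.3.5
Dec 17 09:42:00 sensor-b snort[1187]: [1:1000003:1] LOCAL internal scanner noise [Priority: 3] {TCP} 10.0.9.9:33000 -> 10.0.2.31:22
Dec 17 09:42:30 sensor-c snort[3310]: [1:1000004:1] LOCAL SIP scanner [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.0.2.50:5060 -> 10.0.3.5:5060
this line is not a snort alert and must be skipped
"""

# Assumed: ranges we own; an auto-remediation loop must never block these.
PROTECTED = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def parse_alert(line):
    """Return the alert fields as a dict, or None for non-matching lines."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["pri"] = int(fields["pri"])  # Snort priority: 1 is most severe
    return fields


def aggregate(lines):
    """Group alerts by source IP: which sensors saw it, which SIDs, best priority."""
    summary = defaultdict(lambda: {"sensors": set(), "sids": set(), "count": 0, "best_pri": 99})
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        rec = summary[alert["src"]]
        rec["sensors"].add(alert["sensor"])
        rec["sids"].add(alert["sid"])
        rec["count"] += 1
        rec["best_pri"] = min(rec["best_pri"], alert["pri"])
    return summary


def build_blacklist(summary, min_sensors=2, max_priority=2, protected=PROTECTED):
    """Pick sources seen on >= min_sensors sensors with priority <= max_priority,
    skipping anything inside our own ranges. Returns IPs sorted numerically."""
    nets = [ipaddress.ip_network(p) for p in protected]
    chosen = []
    for ip, rec in summary.items():
        addr = ipaddress.ip_address(ip)
        if any(addr in n for n in nets):
            continue  # never auto-block our own hosts
        if len(rec["sensors"]) < min_sensors or rec["best_pri"] > max_priority:
            continue
        chosen.append(ip)
    return sorted(chosen, key=ipaddress.ip_address)


def render_blacklist(ips, summary):
    """Reputation-preprocessor file: '#' comment lines, one address per line."""
    out = ["# generated from correlated Snort alerts"]
    for ip in ips:
        rec = summary[ip]
        out.append(f"# {ip}: {rec['count']} alerts on {len(rec['sensors'])} sensors, "
                   f"sids {','.join(sorted(rec['sids']))}")
        out.append(ip)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    s = aggregate(SAMPLE_LOG.splitlines())
    print(render_blacklist(build_blacklist(s), s), end="")
```

With the sample, 203.0.113.9 and 198.51.100.77 are listed (each seen by two sensors at priority 2), 192.0.2.50 is not (one sensor only) and 10.0.9.9 is skipped as an internal address. The output file is the kind of list the reputation preprocessor loads via its `blacklist` option in snort.conf; the two-sensor threshold and the protected ranges are the knobs to tune before wiring this into anything that blocks automatically, since a single noisy rule on a single sensor should not be enough to drop a customer's traffic.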

