[Snort-users] can we setup acid with snort ++

Noah Dietrich noah_dietrich at 86penny.org
Thu Jun 14 11:35:14 EDT 2018


I'm a huge fan of Splunk (or alternately the ELK stack, which is similar).
Both are cross-platform (I believe you can install the ELK stack on
Windows, according to Google) and have a lot of power. Plus, these systems
work well as SIEMs when you ingest other security log data in addition to
your Snort events to help get a bigger picture of your threats and
attackers.
I've successfully set up Snort3 with Splunk and the ELK stack using the new
JSON output, and it worked really well.

Noah


On Thu, Jun 14, 2018 at 4:52 PM, Joel Esler (jesler) via Snort-users <
snort-users at lists.snort.org> wrote:

>
>
> On Jun 14, 2018, at 8:45 AM, Marcin Dulak via Snort-users <
> snort-users at lists.snort.org> wrote:
>
> On Thu, Jun 14, 2018 at 2:19 PM,  <wkitty42 at windstream.net> wrote:
>
>> On 06/13/2018 06:28 PM, Michael Steele wrote:
>>
>>> Joe,
>>>
>>> I hope you will also be thinking about Windows users when you are
>>> working on
>>> a Snort 3.0 solution for a GUI.
>>>
>>
> Do we really need a new GUI - can't elasticsearch/kibana be used or
> https://github.com/jasonish/evebox?
>
> Marcin
>
>
>
> I have an idea for a different kind of GUI.  But yes, elasticsearch/kibana
> with Snort 3 can certainly be used with the json output module.
>
> --
> *Joel Esler*
> Sr. Manager
> Open Source, Design, Web, and Education
> Talos Group
> http://www.talosintelligence.com
>