Hi Younes,

I am not sure what extra information apart from the alert information you are looking. Alert contains the src (attacker) IP address, time of the alert etc. 

So when you add a rule to drop, you are effectively achieving the same thing - blocking the attack and logging the alert with the attack details.

 

Regards

Cynthia

 

From: Younes Abderrahmane [mailto:younes.abderrahmane31@gmail.com]
Sent: Sunday, June 10, 2018 5:17 AM
To: Cynthia Leonard (cyleonar) <cyleonar@cisco.com>
Cc: snort-users@lists.snort.org
Subject: Re: [Snort-users] It is possible to execute NIPS and NIDS together?
Importance: High

 

Thank you I really appreciate your help. **Cynthia Leonard **

 

so by configuring snort in NIPS mode and by putting rule action as  drop allows me to store  alerts in the database (using for that the barnyard plugin).

 

my purpose  is to block the attack attempts, and at the same time store the info of the attacker in a database (ip address, attack time, attacked ...).

 

best regards sincerely.

 

On Tue, Jun 5, 2018 at 11:08 AM, Cynthia Leonard (cyleonar) <cyleonar@cisco.com> wrote:

Hi Younes,

If you run Snort in NIPS mode , that should help you detect and block the attacks.  You can initially start with rule action as alert, if you want to only view the alerts, then you can change the rule action from alert -> drop if you want to block the attacks after taking a look at the alerts.

 

Regards

Cynthia

 

 

From: Snort-users [mailto:snort-users-bounces@lists.snort.org] On Behalf Of Younes Abderrahmane via Snort-users
Sent: Friday, June 1, 2018 10:15 PM
To: snort-users@lists.snort.org
Subject: [Snort-users] It is possible to execute NIPS and NIDS together?

 

Hello everyone ,

 

Is it possible to install snort in a machine as being NIDS to generate alerts and store them in the database (I have already made this stage using Barnyard2  and  MySQL database ) ,

and in the second machine as being NIPS to block the traffic generates by this NIDS?

 

 

my goal is to save the alerts in a MySQL database, and then block the attack attempts that generated these alerts.

I do not know if NIDS is able to do these two options (generate alerts and block attacks), that's why I thought about using a NIPS with NIDS.

it's possible

 

 

Thank you.