
List:       full-disclosure
Subject:    Re: [Full-disclosure] What Intruder Detection System (IDS) or Network Security Monitor (NSM) do you
From:       Rain Li <lyp20062392 () gmail ! com>
Date:       2013-01-30 16:22:00
Message-ID: CAPc2ZY+nHDBVoTB6F1kxxE0iRDjUbMOAw9ApzKc1BXz2waSh2g () mail ! gmail ! com

Hi, Dan,

Have you tried Bro? FYI, http://www.bro-ids.org/.

Regards


On Mon, Jan 28, 2013 at 12:46 PM, Dan Ballance <tzewang.dorje@gmail.com> wrote:

> Hi guys and girls,
>
> If anyone had 30 seconds to spare to make a recommendation I'd be very
> appreciative.
>
> I have tried to use Prelude in the past, but last time I looked, they had
> fallen out with Snort :(
>
> I have also tried Sguil and got that working nicely with Security Onion (
> http://securityonion.blogspot.co.uk ) for a single machine but will need
> something that can monitor network-wide.
>
> What are other folks out there using? Should I persevere with
> hand-rolling Sguil myself or is there another system out there that I have
> missed?
>
> thanks!
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>




