
List:       security-onion
Subject:    Re: [security-onion] Plans to add Web GUI Snort Rules Management?
From:       Dustin Webber <dustin.webber () gmail ! com>
Date:       2013-03-31 23:21:16
Message-ID: 3A96EDE0-8A2D-4499-B836-D410E008AF81 () gmail ! com


Hey GP,

It will be hard for us to port back the rules management from Snorby Cloud due to the fact it relies heavily on our custom agents (i.e. when you tune/threshold or edit a rule we push it directly to the agents you requested it to be on).

RedBorder has rule management support, but I'm not sure how functional it is (not sure if it supports multiple remote sensors or if you can disable/enable per sensor). I don't have any plans to merge their code into the master branch anytime soon.

With all that being said, we plan to open source our agent unified2 processor called `pigsty` and will talk to the team about our options, technically speaking, in pushing that back to the OS project.

A new version of Snorby will be released in the coming month, including three major features we are going to back-port from Snorby Cloud. Just FYI.

Dustin Webber
dustin.webber@gmail.com

On Mar 31, 2013, at 6:04 PM, Greg Porter <gsporter@gmail.com> wrote:

> It looks like Snorby is adding Snort rule management to some of its GUIs, i.e. Snorby Cloud, RedBorder.
> 
> Does anyone know if these additions will find their way into the open source code base, and eventually become part of Security Onion?
> Ref:
> 
> Snorby Clouds Rules Management Rules!
> http://blog.snorby.org/post/43989221688/snorby-clouds-rules-management-rules
> 
> Snorby Cloud also includes built-in IDS rules management. Easily edit, enable, disable, suppress, and apply thresholds to rules right from the user interface.
> 
> 
> RedBorder Home  Products  IPS
> http://redborder.net/products/ips/
> 
> Hierarchical rule management with domains, subdomains, sensors, etc.
> Action configuration (Alert, Drop, ).
> Rule workflow (Versioning, Rollback).
> Flowbit resolution.
> Rule searching.
> 
> GP
> 

