OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Richard Culshaw (RCulshaw_at_esign.com.au)
Date: Mon Jul 22 2002 - 17:25:17 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
    majordomoiss.net Contact issforum-owneriss.net for help with any problems!
    ----------------------------------------------------------------------------

    Hi there,

    yes I have enabled it, it was really quite simple... I found out how to do from reading the knowledgebase at iss.

    1. you create a rule file and put that text file on your sensor somewhere.
    2. You go into the properties of the sensor from the workgroup manager, locate the sensor in the managed assets window, right click on it and select properties, on one of the tabs you see all the properties you can set, scroll down til you see trons enable and set that to true, then point the trons rules to the .rules file that you placed on the sensor in question. click ok.
    3. that is it.

    The only annoying thing that I found with creating snort rules for real secure is that you cannot use the NOT (!) operator when specifying addresses i.e.: ![192.168.1.0], this is really handy when creating rules.

    Richard

    -----Original Message-----
    From: Stephen Cooper [mailto:Stephen.Cooperbis.org]
    Sent: Monday, 22 July 2002 5:33 PM
    To: issforumiss.net
    Subject: TRONS Module for NS 7.0

    TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
    majordomoiss.net Contact issforum-owneriss.net for help with any problems!
    ----------------------------------------------------------------------------

    Hello,

    Has anyone turned this on?

    Would you be willing to share your experience on how one enables a
    Snort ruleset to work with Realsecure?

    Regards

    Stephen

    DISCLAIMER: Any e-mail messages from the Bank for International Settlements are sent in good faith, but shall not be binding nor construed as constituting any obligation on the part of the Bank.

    CONFIDENTIALITY NOTICE: This e-mail contains confidential information, which is intended only for the use of the recipient(s) named above. If you have received this communication in error, please notify the sender immediately via e-mail and return the entire message. Thank you for your assistance.