[Snort-users] Correlation on Snort Events

From: Kamal Ahmed (Kamal.Ahmedesecurity.net)
Date: Mon Sep 05 2005 - 23:22:16 CDT


Hi,

What Snort can do (as per my understanding) is to generate events
based on rules, or to sniff/snoop network traffic. This is all well and
good, but I do not see a person going through every log message to find out
meaningful information regarding what the packet actually meant to do
(in case of any intrusion-type attack). Is there a correlation engine
which can have rules like:

If message A is received which contains X text, and within N amount of
time another message B is received on the wire, containing Y text,
generate a log message, and also send an e-mail to (let's say) the Security
Administrator

Thanks,

-Kamal.
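
The rule Kamal describes (event A containing X, then event B containing Y from the same source within N seconds, then log and notify) is a small stateful time-window correlation. The following is an added example written for this archive page, not code from the original post or from the Snort project: it parses a handful of constructed Snort "fast"-format alert lines, keeps a per-source sliding window of A events, emits a correlated hit when a matching B event follows within the window, and builds the notification as an e-mail message object. The alert lines, signature IDs, IP addresses, the assumed year 2005 (fast alerts carry no year), and the recipient address are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from email.message import EmailMessage

# Snort "fast" alert line: MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] ... {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<sig>[\d:]+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

YEAR = 2005  # assumption: fast alerts carry no year, so one is supplied for the constructed samples

# Constructed sample alerts (not real Snort output); sid 9000001/9000002 are placeholders.
SAMPLE_ALERTS = [
    "09/05-23:22:16.100000  [**] [1:9000001:1] CONSTRUCTED portscan probe [**] [Priority: 3] {TCP} 10.0.0.5:44321 -> 192.168.1.10:22",
    "09/05-23:22:40.500000  [**] [1:9000002:1] CONSTRUCTED ssh login attempt [**] [Priority: 2] {TCP} 10.0.0.5:44400 -> 192.168.1.10:22",
    "09/05-23:30:01.000000  [**] [1:9000001:1] CONSTRUCTED portscan probe [**] [Priority: 3] {TCP} 10.0.0.7:51000 -> 192.168.1.10:22",
    "09/05-23:40:00.000000  [**] [1:9000002:1] CONSTRUCTED ssh login attempt [**] [Priority: 2] {TCP} 10.0.0.7:51010 -> 192.168.1.10:22",
    "09/05-23:41:00.000000  [**] [1:9000002:1] CONSTRUCTED ssh login attempt [**] [Priority: 2] {TCP} 10.0.0.9:51010 -> 192.168.1.10:22",
]


def parse_alert(line):
    """Parse one fast-format alert line into a dict, or return None if it does not match."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return {"time": ts, "sig": m["sig"], "msg": m["msg"],
            "proto": m["proto"], "src": m["src"], "dst": m["dst"]}


def correlate(events, pattern_a, pattern_b, window_seconds):
    """Return correlated hits: a B event (msg matches pattern_b) that follows an A event
    (msg matches pattern_a) from the same source IP within window_seconds.
    A events older than the window are expired from the per-source queue as B events arrive."""
    re_a, re_b = re.compile(pattern_a), re.compile(pattern_b)
    recent_a = defaultdict(deque)  # src IP -> A events still inside the window
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        # Check B before recording A, so an event matching both patterns never pairs with itself.
        if re_b.search(ev["msg"]):
            q = recent_a[ev["src"]]
            while q and (ev["time"] - q[0]["time"]).total_seconds() > window_seconds:
                q.popleft()
            if q:
                hits.append({"src": ev["src"], "first": q[0], "second": ev,
                             "delta": (ev["time"] - q[0]["time"]).total_seconds()})
        if re_a.search(ev["msg"]):
            recent_a[ev["src"]].append(ev)
    return hits


def build_notification(hit, to_addr="security-admin@example.invalid"):
    """Build (but do not send) the e-mail a correlation rule would raise; recipient is a placeholder."""
    msg = EmailMessage()
    msg["Subject"] = f"Correlated Snort events from {hit['src']}"
    msg["To"] = to_addr
    msg.set_content(
        f"{hit['first']['time']} [{hit['first']['sig']}] {hit['first']['msg']}\n"
        f"{hit['second']['time']} [{hit['second']['sig']}] {hit['second']['msg']}\n"
        f"Second event followed the first by {hit['delta']:.1f} seconds.\n"
    )
    return msg


def run_demo(window_seconds=60):
    """Apply the rule 'portscan probe' then 'ssh login attempt' within the window to the samples."""
    events = [e for e in map(parse_alert, SAMPLE_ALERTS) if e is not None]
    return correlate(events, r"portscan probe", r"ssh login attempt", window_seconds)


if __name__ == "__main__":
    for hit in run_demo():
        print(f"CORRELATED: {hit['src']} ({hit['delta']:.1f}s apart)")  # the "log message" half of the rule
        print(build_notification(hit))                                   # the e-mail half, rendered as text
```

With the default 60-second window only 10.0.0.5 correlates; 10.0.0.7 sends the same pair of events almost ten minutes apart and 10.0.0.9 sends only the second event, so neither fires. Widening the window to 700 seconds pulls 10.0.0.7 in as well, which is the usual tuning trade-off for this kind of rule.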
