[Intrusions] IDS & snort !!

Jeff Dell jdell at activeworx.com
Mon Jun 7 11:52:05 GMT 2004


There are a few tools that Activeworx is working on to do this. 

The first, Honeynet Security Console (HSC), is for personal use only. It works
well for monitoring events from your personal Snort sensors and has some
strong forensic tools for not only Snort IDS, but also for TCPDump, Sebek,
Syslog and Firewall Logs. You can download it at: www.activeworx.org

The second is Activeworx Security Center (ASC), which is for commercial use
and adds a lot of great features onto HSC such as Detailed Reporting,
syslog/snmp event collector, Event Relationship Diagrams, Database Manager,
Ability to add unlimited number of databases, Vulnerability event type, and
more. You can download a free 30-day trial at: www.activeworx.com. I might
also add that if you are working on your GCIA, this tool has some strong
analysis and forensic capabilities that might help you out. With a free
30-day trial, that should be enough time to get some good info out of this
tool. 

And to complete your full IDS you need something to configure your snort
rules... So, Activeworx also has a free tool to configure your snort rules
called IDS Policy Manager. You can download it at: www.activeworx.org.

Cheers,

Jeff Dell
Activeworx, Inc.


-----Original Message-----
From: intrusions-bounces at lists.sans.org
[mailto:intrusions-bounces at lists.sans.org] On Behalf Of Mohammad M. Al-Kurbi
Sent: Monday, June 07, 2004 6:04 AM
To: intrusions at incidents.org
Subject: [Intrusions] IDS & snort !!

Dear all ...

  I am seeking your experience on the best tools that work with snort,
and would build a full IDS.

  Snort would do: Sniffing + Detection + Alerting.

  I would like to know the proper tools (From your experience) that help
to complete the cycle:

	- Monitoring Console (GUI).
	- Forensic Tools (If available).
	- Reporting facilities.


Best Regards ...
