[Intrusions] Looking for good correlation software.

Aaron Wade agw8 at cornell.edu
Thu Sep 2 13:09:55 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I would suggest you give Sawmill a try.
http://www.sawmill.net/

Look here for what kinds of logs it supports:
http://sawmill.net/cgi-bin/sawmill7/sawmill.cgi?dp+docs.faq.entry+webvars.entry+logformats

HTH
- -Aaron


> >From: Hensinger Aaron D Contr MCOM <aaron.hensinger at schriever.af.mil>
> >Reply-To: "Intrusions List (GCIA Practicals)" <intrusions at lists.sans.org>
> >To: "'intrusions at lists.sans.org'" <intrusions at lists.sans.org>
> >Subject: [Intrusions] Looking for good correlation software.
> >Date: Wed, 1 Sep 2004 08:47:41 -0600
> >
> >I was wondering if anyone knew of any good correlation software that would
> >pull the data from *NIX and Windows machines and filter/sort the data with
> >the SNORT alerts.
> >
> >Thanks in advance for any information or help...
> >
> >Aaron
> >
> >_______________________________________________
> >Intrusions mailing list
> >Intrusions at lists.sans.org
> >http://www.dshield.org/mailman/listinfo/intrusions

- -- 
Aaron Wade
Windows and Classroom Support Specialist
ACCEL/Engineering Library 
Cornell University
MCSE,A+
mobile: 607.227.1067
office: 607.254.2721
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBNxujnuZY5jZITcQRAsrxAJ9qMBC3DDWzsv6dYVqBfE2JfpHExQCeMUpk
uQ6c7QFb6dzoJluf1FlwTfE=
=hql2
-----END PGP SIGNATURE-----


