[Oisf-users] Interoperability of Suricata with commercial firewalls
carlopmart
carlopmart at gmail.com
Tue Feb 2 14:50:35 UTC 2010
Matt Jonkman wrote:
> I'd like to reinforce that we're definitely considering that, and ideas
> are very welcome.
>
> At the very minimum we'll work to make suricata snortsam compatible. But
> it's very possible that we'll move some of that snortsam functionality
> into the suricata engine itself under the IP Reputation umbrella.
>
> Do you see more detailed or more expansive functionality that snortsam
> of interest, or do you have more ideas there?
>
> Matt
>
Uhmm... no, not at the first development stage. I think it is very important to
develop/integrate Suricata's IPS features with some firewalls. For example, with these:
- Iptables
- PF based firewalls
- CheckPoint
- StoneGate
- Cisco ASA?
Another interesting point to consider could be the integration of Suricata's logs
and alerts under management servers, in the case of StoneGate or CheckPoint, for example.
As an example, with Stonesoft's SMC server this can be done using the logging profiles
for third-party devices feature, as StoneBlog shows:
- General URL: http://stoneblog.stonesoft.com/stoneblog-community/files/
- Cisco logging profile:
http://stoneblog.stonesoft.com/wp-content/uploads/2010/01/ciscoasa_logging_profile.zip
- Snort logging profile (using syslog):
http://stoneblog.stonesoft.com/wp-content/uploads/2010/01/snort_syslog_logging_profile.zip
- Sonicwall:
http://stoneblog.stonesoft.com/wp-content/uploads/2010/01/sonicwall_logging_profile.zip
What do you think??
--
CL Martinez
carlopmart {at} gmail {d0t} com