[Oisf-users] Suricata works; now what?

Shirkdog shirkdog at gmail.com
Wed May 6 12:19:46 UTC 2015


I would also recommend looking directly at the alerts on the command line,
if you are new to IDS/IPS so you can get a feel for the event flow.

You can do all of this with Security Onion.
On May 6, 2015 7:57 AM, "Doug Burks" <doug.burks at gmail.com> wrote:

> Hi James,
>
> Here are a few of my favorite interfaces for Suricata alerts:
>
> - Snorby
> https://www.snorby.org/
>
> - Squert
> http://www.squertproject.org/
>
> - Sguil
> https://bammv.github.io/sguil/
>
> - ELSA
> https://code.google.com/p/enterprise-log-search-and-archive/
>
> If you'd like to quickly try these interfaces, you could try Security
> Onion (which includes Suricata as well):
> http://securityonion.net
>
> On Wed, May 6, 2015 at 2:09 AM, James Moe <jimoe at sohnen-moe.com> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hello,
> >   suricata 2.0.7
> >   linux 3.16.7-21-desktop x86_64
> >
> >   Suricata seems to be functioning correctly now that I've gotten the
> > system set up appropriately.
> >   I am sure there are automated tools for alerting the user/admin that
> > alerts have been discovered.
> >   What are typical tools for monitoring suricata results?
> >
> > - --
> > James Moe
> > moe dot james at sohnen-moe dot com
> > 520.743.3936
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v2
> >
> > iEYEARECAAYFAlVJr/wACgkQzTcr8Prq0ZOOVgCglxzQR0PkaSG30pl/NghE/4sE
> > si0An1GkCAIorD38FxmJOKsgouv0qyAf
> > =IGEM
> > -----END PGP SIGNATURE-----
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> > List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net
>
>
>
> --
> Doug Burks
> Need Security Onion Training or Commercial Support?
> http://securityonionsolutions.com
>
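As an added example (not code from this thread, from Security Onion, or from the Suricata project), here is a small Python script for the command-line look at alerts that Shirkdog recommends above. It assumes Suricata's eve-log output is enabled in suricata.yaml and writes one JSON object per line (default path /var/log/suricata/eve.json); the records embedded below are constructed samples, not real captures, and sid 1000001 is a made-up local rule. The script keeps only "alert" events, skips a truncated trailing line such as one Suricata is still writing, and summarises by signature, source IP and priority.

```python
#!/usr/bin/env python3
"""Command-line triage of Suricata EVE JSON alerts.

Added example, not from the mailing list thread or the Suricata project.
Assumes eve-log is enabled (default /var/log/suricata/eve.json), one JSON
object per line, with "alert" records laid out as in the sample below.
"""
import json
import sys
from collections import Counter

# Constructed sample records (not real captures): three alerts, one http
# event that an alert view must ignore, and one truncated line.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2015-05-06T08:01:12.123456+0000","event_type":"alert",'
    '"src_ip":"192.0.2.10","src_port":80,"dest_ip":"10.0.0.5","dest_port":51234,'
    '"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,'
    '"signature":"GPL ATTACK_RESPONSE id check returned root",'
    '"category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2015-05-06T08:01:13.000001+0000","event_type":"http",'
    '"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"192.0.2.10","dest_port":80,'
    '"proto":"TCP","http":{"hostname":"192.0.2.10","url":"/","http_method":"GET"}}',
    '{"timestamp":"2015-05-06T08:02:40.555555+0000","event_type":"alert",'
    '"src_ip":"192.0.2.10","src_port":80,"dest_ip":"10.0.0.7","dest_port":40001,'
    '"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,'
    '"signature":"GPL ATTACK_RESPONSE id check returned root",'
    '"category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2015-05-06T08:03:05.000000+0000","event_type":"alert",'
    '"src_ip":"198.51.100.23","src_port":44123,"dest_ip":"10.0.0.9","dest_port":22,'
    '"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000001,"rev":1,'
    '"signature":"LOCAL SSH brute force attempt (constructed rule)",'
    '"category":"Attempted Administrator Privilege Gain","severity":1}}',
    '{"timestamp":"2015-05-06T08:03:06.000000+0000","event_type":"ale',  # truncated
]


def parse_alerts(lines):
    """Return only event_type == "alert" records; blank or malformed lines are skipped."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except ValueError:
            continue  # partial line (e.g. still being written) or corrupt record
        if event.get("event_type") == "alert":
            alerts.append(event)
    return alerts


def count_by_signature(alerts):
    """Counter keyed by (signature_id, signature text)."""
    return Counter((a["alert"]["signature_id"], a["alert"]["signature"]) for a in alerts)


def count_by_src(alerts):
    """Counter of alerting source IPs."""
    return Counter(a["src_ip"] for a in alerts)


def high_priority(alerts, max_severity=1):
    """Suricata severity 1 is the highest priority, so keep severity <= max_severity."""
    return [a for a in alerts if a["alert"].get("severity", 3) <= max_severity]


def format_alert(event):
    """One-line rendering in the spirit of Suricata's fast.log output."""
    a = event["alert"]
    return "%s [%d:%d:%d] %s [Classification: %s] [Priority: %d] {%s} %s:%s -> %s:%s" % (
        event["timestamp"], a["gid"], a["signature_id"], a["rev"], a["signature"],
        a["category"], a["severity"], event["proto"],
        event["src_ip"], event["src_port"], event["dest_ip"], event["dest_port"])


def main(argv):
    # Usage: eve_triage.py [/var/log/suricata/eve.json]; no argument uses the sample.
    if len(argv) > 1:
        with open(argv[1]) as fh:
            alerts = parse_alerts(fh)
    else:
        alerts = parse_alerts(SAMPLE_EVE_LINES)
    print("%d alert(s)\n" % len(alerts))
    print("Top signatures:")
    for (sid, sig), n in count_by_signature(alerts).most_common(10):
        print("  %6d  sid:%d  %s" % (n, sid, sig))
    print("\nTop source IPs:")
    for ip, n in count_by_src(alerts).most_common(10):
        print("  %6d  %s" % (n, ip))
    print("\nPriority-1 alerts:")
    for ev in high_priority(alerts):
        print("  " + format_alert(ev))


if __name__ == "__main__":
    main(sys.argv)
```

Run it against a live file with `python3 eve_triage.py /var/log/suricata/eve.json`; with no argument it summarises the embedded sample. Because eve.json also carries http, dns, tls and other event types, filtering on event_type is what keeps the alert counts honest, and tolerating a malformed last line matters when the file is read while Suricata is still appending to it.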