[Oisf-users] IPS alternatives to Snort's guardian?

Leonard Jacobs ljacobs at netsecuris.com
Wed Jan 27 21:59:23 UTC 2016


As an OISF Board Member, why would you not want to run Suricata in IPS mode? AF-Packet mode works great as IPS.




From: John Devine <john.devine at nuspire.com>
To: "oisf-users at lists.openinfosecfoundation.org" <oisf-users at lists.openinfosecfoundation.org>
Sent: 1/27/2016 2:10 PM
Subject: [Oisf-users] IPS alternatives to Snort's guardian?


 
 
Hi all,
 
Currently I run Snort as an IDS and guardian as an IPS. I am looking for alternatives to guardian for IPS software because guardian does not allow me to manually unblock specific IP addresses or change the duration for which something is blocked without some hassle or custom scripts. I have been messing around with Suricata and have successfully got it running both in IDS and IPS mode and alerting successfully. Right now I want to run Suricata as an IDS and have some other open source software to run as my IPS. Are there any decent alternatives to guardian.pl which allow me to manually unblock specific IP addresses and change the length of time for which something is blocked? I am looking for a good IPS 'companion' to run in tandem with Suricata.
 
 Thanks in advance
 

_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net