Snort mailing list archives

Re: Snort Deployment Configurations


From: Joel Esler <jesler () sourcefire com>
Date: Mon, 7 Feb 2011 16:34:51 -0500

On Mon, Feb 7, 2011 at 1:39 PM, Martin Holste <mcholste () gmail com> wrote:

BTW, I tend to prefer SANCP to collect data in a format more conducive
for analysing "flows at rest".


Yes, SANCP is awesome!  I just wish it didn't require a span/tap at
every sniff point.  For branch offices, netflow is usually the only
option.  A netflow converter/plugin for SANCP would be very cool so
that two separate reporting infrastructures weren't required.


We have products at Sourcefire that can do all of those (flows,
identification, and netflow).  However, since we try really hard not to
advertise on the lists here, if you want more information feel free to email
me.


-- 
Joel Esler | 706-231-1451 | http://blog.snort.org | http://blog.clamav.net
