On Wed, 13 Dec 2000, Imre Kertesz wrote:

> I am interested in the process by which intrusion detection products
> such as RealSecure dynamically push rules to FW-1.  I want to use other
> intrusion detection apps, such as Snort, to work with FW-1 in the same
> capacity. I assume that this will involve getting the interface API and
> coding some custom linking apps. Is there an easier way to do this?

Much easier, just integrate the use of SAM.  I've created a FW-1 script
that does just this, http://www.enteract.com/~lspitz/intrusion.html.

With snort, one of the things you can have it do is log alerts to
a log file, such as /var/adm/messages.  Then have swatch monitor
the alerts and call on SAM when specific signature(s) are met.

hope that helps

lance
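
The step between the alert log and SAM, as an added example that is not part of the original post or of the linked script: it parses snort syslog lines, keeps only listed signatures, and builds (without running) one `fw sam` block command per new source address. The log lines, signature name, addresses and timeout are constructed, and the `fw sam -t <seconds> -i src <ip>` form is assumed to match the installed FW-1 release.

```python
import ipaddress
import re

# Constructed sample syslog lines (not taken from the original post).
SAMPLE_LOG = """\
Dec 13 10:02:11 ids snort: WEB-IIS cmd.exe access: 203.0.113.7:1042 -> 192.0.2.10:80
Dec 13 10:02:12 ids snort: ICMP ping sweep: 203.0.113.9:0 -> 192.0.2.10:0
Dec 13 10:02:13 ids snort: WEB-IIS cmd.exe access: 192.0.2.1:3311 -> 192.0.2.10:80
Dec 13 10:02:14 ids snort: WEB-IIS cmd.exe access: 203.0.113.7:1050 -> 192.0.2.10:80
Dec 13 10:02:15 ids sshd[411]: WEB-IIS cmd.exe access: 203.0.113.8:1 -> 192.0.2.10:80
Dec 13 10:02:16 ids snort: WEB-IIS cmd.exe access: 999.1.1.1:1 -> 192.0.2.10:80
"""

# Anchored on the syslog header so that text logged by another daemon
# cannot pass itself off as a snort alert.
ALERT = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ snort(?:\[\d+\])?: (?P<msg>.+?): "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+\s*$"
)

# Hypothetical policy: which signatures trigger a block, and which
# networks must never be blocked (own hosts, gateways, loopback).
BLOCK_SIGNATURES = ("WEB-IIS cmd.exe access",)
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "127.0.0.0/8")]


def sam_commands(log_text, timeout=600):
    """Return one `fw sam` argv list per new offending source address."""
    seen, commands = set(), []
    for line in log_text.splitlines():
        m = ALERT.match(line)
        if not m or m.group("msg") not in BLOCK_SIGNATURES:
            continue
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # malformed address: never hand it to the firewall
        if src in seen or any(src in net for net in NEVER_BLOCK):
            continue  # already blocked, or a protected address
        seen.add(src)
        # argv list, not a shell string: no log content reaches a shell
        commands.append(["fw", "sam", "-t", str(timeout), "-i", "src", str(src)])
    return commands


if __name__ == "__main__":
    for argv in sam_commands(SAMPLE_LOG):
        print(" ".join(argv))
```

The never-block list and the timeout matter because the source address in an alert can be spoofed, so an unbounded automatic block can be turned against your own hosts.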


