On Mon, 2015-06-22 at 11:10 -0400, Peter Milazzo wrote:
> Hello all,
>
> I wanted to see if anyone is using AlienVault and has gotten a plugin to
> work with pfSense.
>
> Thank you,
> Peter Milazzo

Peter

I've just quickly waded through the marketing material and I'm not sure what a plugin would do (once you've written it) except for perhaps automatically creating IP blocklists. To get the data into the USM thing, use port spanning or similar so that it can see the traffic flows and content. If the USM can spit out a CSV of IPs or similar, you could get pfSense to "subscribe" to that list.

These sorts of products are not simply drop in and forget and require very careful thought about what you are trying to achieve, despite the marketing blurb.

If you are just dipping your toe in the water then before committing real cash, you might like to investigate Snort and Suricata on pfSense itself. Also see the Security Onion Linux distro or roll your own with the likes of the above and Logstash/Kibana/ElasticSearch. Also, consider a Kali Linux VM or similar for pre-packaged scanning.

For my money, the DIY approach means you really get into the nitty-gritty and it provides real insights into what is actually going on in amongst those network flows. It's hard work though. Even if you fork out for something like AlienVault, unless you are simply ticking a box then spend some time with it to get good results.

Cheers
Jon
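
A sketch of the "subscribe" idea from the reply above, as an added example that is not part of the original thread: it turns a CSV export of flagged IPs into a one-entry-per-line list that a pfSense URL table alias could fetch. The CSV column names (`ip`, `reliability`), the threshold and the sample rows are assumptions constructed for illustration, not a documented AlienVault export format.

```python
import csv
import io
import ipaddress

# Ranges that must never reach the blocklist, so a bad row cannot lock out the LAN.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "::1/128")]

# Constructed sample export; column names are an assumption.
SAMPLE_CSV = """\
ip,reliability,note
203.0.113.7,9,scanner
198.51.100.0/25,8,botnet range
198.51.100.128/25,8,botnet range
192.168.1.10,9,internal host flagged by mistake
not-an-ip,9,garbled row
203.0.113.7,9,duplicate
2001:db8::1,7,v6 scanner
203.0.113.99,2,low confidence
"""

def build_blocklist(csv_text, min_reliability=5):
    """Return (collapsed CIDR strings, rejected rows with a reason)."""
    nets = {4: set(), 6: set()}
    rejected = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = (row.get("ip") or "").strip()
        try:
            net = ipaddress.ip_network(raw, strict=False)
            score = int(row.get("reliability") or 0)
        except ValueError:
            rejected.append((raw, "unparseable"))
            continue
        if score < min_reliability:
            rejected.append((raw, "low reliability"))
        elif any(net.overlaps(p) for p in NEVER_BLOCK):
            rejected.append((raw, "protected range"))
        else:
            nets[net.version].add(net)
    out = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        out += [str(n) for n in ipaddress.collapse_addresses(nets[version])]
    return out, rejected

if __name__ == "__main__":
    blocklist, rejected = build_blocklist(SAMPLE_CSV)
    print("\n".join(blocklist))  # publish this text at a URL the firewall can reach
    for raw, reason in rejected:
        print(f"# skipped {raw!r}: {reason}")
```

Reviewing the skipped rows before publishing is what keeps a feed like this from blocking your own hosts.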
