Makes sense.

-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED]
On Behalf Of Herb Commodore
Sent: Friday, September 01, 2006 11:37 AM
To: [email protected]
Subject: [ossec-list] Re: Snort vs. OSSEC




Marty,

Snort & OSSEC are two different layers of security.  Using both
together would improve the overall security level of a site.  Snort &
co watches for network events; OSSEC HIDS, from what I've been able to
tell, watches & coordinates host-based events.  And you can
use OSSEC to monitor snort logs and send alerts based on those --
instead of using some other application to monitor the snort logs.

Basically, best practices would dictate using both a network-based IDS
such as snort, as well as a host-based IDS such as OSSEC.

                        -- Herb


"Marty E. Hillman" <[EMAIL PROTECTED]> writes:

> I am not trying to start a flame war here - just trying to get a better
> sense of direction on how to best protect my network.  Does anyone know
> what the advantage to using OSSEC HIDS over Snort is?
> 
> I have been playing with OSSEC quite successfully for the past week in a
> demo environment, but it seems to have stopped sending email alerts
> sometime last evening.  I thought since I would have to do a bunch of
> rebuilding that I might give other products a shot.
> 
> I need to monitor Windows and Cisco devices and like the aggregation of
> data and alerting functions within OSSEC.  Does anyone have experiences
> with other products that they would be willing to share?
> 
> Marty

-- 
Herb Commodore <[EMAIL PROTECTED]>              +1.919.660.6951
IT Security Office, OIT, Duke University
Box 104106, Durham NC  27708
