Hello, Theresa!

I did not go with snort instead of suricata; I have a production snort
deployment at work, which gives me access to a large number of log samples
and real user experience of LightSIEM.

Anyway, suricata supports all relevant snort log formats, so you can use
all types of snort input in LightSIEM with suricata. If you find any
errors, feel free to report them; I will try to help and fix them.

Fri, 3 Jul 2015 at 20:14, theresa mic-snare <[email protected]>:

> sounds awesome, great work Daniil!
>
> just out of curiosity, why did you decide to go with snort instead of
> suricata?
> http://suricata-ids.org
>
> keep up the good work!
>
>
> On Saturday, 28 March 2015 17:29:54 UTC+1, Daniil Svetlov wrote:
>>
>> Hi, community!
>>
>> I have suffered from the lack of a SIEM system for OSSEC for several years.
>> I tried Splunk, but it is very expensive. I also tried OSSEC WebUI, but I
>> deleted it after a few hours. For a long time I sent OSSEC alerts to Prelude
>> IDS and used Prewikka as the web interface, but it had some bugs and was not
>> actively developed.
>>
>> I saw several articles about parsing OSSEC in Logstash and Elasticsearch.
>> They inspired me to create a batch of configs for parsing OSSEC and Snort
>> logs.
>> I created some patterns for parsing OSSEC and Snort alerts, and now I plan
>> to add more possible event sources. I wrote configs for Elasticsearch and
>> Logstash and made a few dashboards for Kibana as the main part of the WebUI.
>> Kibana hasn't got built-in authentication, so I found another project,
>> Kibana Authentication Proxy, and added it to my configuration too.
>> I have also created a common model for SIEM messages based on the IDMEF
>> class hierarchy. I hope it will help to normalize events from different
>> sources into one format, and that will help to analyze and visualize them.
>>
>> At the end of all that work I made an ansible playbook for easy and
>> fast deployment of all the stuff and configs. So, my playbook takes all
>> those things together and runs them.
>>
>> Try the LightSIEM project on GitHub: https://github.com/dsvetlov/lightsiem
>>
>> I hope it will help somebody to deploy a free and open-source SIEM.
>>
>> I will be thankful for all your comments, advice and suggestions.
>>
>  --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Best regards, Daniil Svetlov.
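As an added example (written for this page; it is not code from the thread or from the LightSIEM project), the two things the announcement describes: parsing an OSSEC alerts.log block and a Snort "alert_fast" line, and normalizing both into one common record modelled on a small subset of the IDMEF Alert class. The two sample alerts are constructed, the field names of the record and the level/priority-to-severity mappings are this example's own assumptions, and nothing here is LightSIEM's grok patterns or event model.

```python
import re
from dataclasses import dataclass, field, asdict

# Constructed sample alerts, written for this example (not from the post or from LightSIEM).
OSSEC_ALERT = """\
** Alert 1435947296.5821: - syslog,sshd,authentication_failed,
2015 Jul 03 20:14:56 (webserver) 10.0.0.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.100
User: root
Jul  3 20:14:55 webserver sshd[1234]: Failed password for root from 192.0.2.100 port 51022 ssh2
"""
SNORT_FAST_ALERT = ("07/03-20:15:01.123456  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] "
                    "[Classification: Attempted Information Leak] [Priority: 2] "
                    "{TCP} 192.0.2.100:51030 -> 10.0.0.5:22")

@dataclass
class IdmefAlert:
    # A hand-picked subset of the IDMEF Alert class; the field names are this example's own.
    analyzer: str                 # Analyzer.name
    create_time: str              # CreateTime, kept exactly as the sensor logged it
    classification: str           # Classification.text
    reference: str                # Classification.Reference.name (rule id / SID)
    severity: str                 # Assessment.Impact.severity: info|low|medium|high
    source_ip: str = ""           # Source.Node.Address
    source_port: int = 0          # Source.Service.port
    target_ip: str = ""           # Target.Node.Address
    target_port: int = 0          # Target.Service.port
    target_user: str = ""         # Target.User
    additional: dict = field(default_factory=dict)  # AdditionalData

def ossec_severity(level: int) -> str:
    # Assumed mapping of the OSSEC rule level (0-15) onto the four IDMEF severities.
    return "info" if level <= 3 else "low" if level <= 7 else "medium" if level <= 11 else "high"

def snort_severity(priority: int) -> str:
    # Assumed mapping of the Snort rule priority onto IDMEF severities.
    return {1: "high", 2: "medium", 3: "low"}.get(priority, "info")

OSSEC_HEADER = re.compile(r"^\*\* Alert (?P<ts>\d+\.\d+): (?:mail\s+)?- (?P<groups>.*)$")
OSSEC_LOCATION = re.compile(r"^(?P<time>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) "
                            r"(?:\((?P<agent>[^)]+)\) (?P<agent_ip>\S+)->)?(?P<location>.+)$")
OSSEC_RULE = re.compile(r"^Rule: (?P<id>\d+) \(level (?P<level>\d+)\) -> '(?P<desc>.*)'$")

def parse_ossec_alert(block: str) -> IdmefAlert:
    """One block of OSSEC alerts.log -> common model."""
    lines = block.strip().splitlines()
    head = OSSEC_HEADER.match(lines[0]) if len(lines) > 2 else None
    loc = OSSEC_LOCATION.match(lines[1]) if head else None
    rule = OSSEC_RULE.match(lines[2]) if loc else None
    if not rule:
        raise ValueError("not an OSSEC alert block")
    alert = IdmefAlert(analyzer="OSSEC", create_time=loc["time"], classification=rule["desc"],
                       reference="ossec-rule-" + rule["id"], severity=ossec_severity(int(rule["level"])),
                       target_ip=loc["agent_ip"] or "")   # the reporting agent is the target host
    alert.additional["groups"] = [g for g in head["groups"].split(",") if g]
    alert.additional["location"] = loc["location"]
    for line in lines[3:]:   # optional "key: value" lines the OSSEC decoder extracted
        if line.startswith("Src IP: "):
            alert.source_ip = line[8:].strip()
        elif line.startswith("Dst IP: "):
            alert.target_ip = line[8:].strip()
        elif line.startswith("User: "):
            alert.target_user = line[6:].strip()
        else:
            alert.additional.setdefault("raw", []).append(line)
    return alert

SNORT_FAST = re.compile(
    r"^(?P<time>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\] "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\]"
    r"(?: \[Classification: (?P<class>[^\]]*)\])? \[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>\d+(?:\.\d+){3})(?::(?P<sport>\d+))? -> "
    r"(?P<dst>\d+(?:\.\d+){3})(?::(?P<dport>\d+))?$")

def parse_snort_fast(line: str) -> IdmefAlert:
    """One line of Snort 'alert_fast' output -> common model (ports are absent for ICMP)."""
    m = SNORT_FAST.match(line.strip())
    if not m:
        raise ValueError("not a Snort fast-format alert")
    alert = IdmefAlert(analyzer="Snort", create_time=m["time"], classification=m["msg"],
                       reference="snort-sid-%s:%s:%s" % (m["gid"], m["sid"], m["rev"]),
                       severity=snort_severity(int(m["prio"])),
                       source_ip=m["src"], source_port=int(m["sport"] or 0),
                       target_ip=m["dst"], target_port=int(m["dport"] or 0))
    alert.additional["protocol"] = m["proto"]
    if m["class"]:
        alert.additional["classtype"] = m["class"]
    return alert

def normalize(raw: str) -> IdmefAlert:
    """Pick the parser by format; both return the same IDMEF-like record."""
    return parse_ossec_alert(raw) if raw.lstrip().startswith("** Alert ") else parse_snort_fast(raw)

def to_event(alert: IdmefAlert) -> dict:
    """Flat dict with one fixed key set, ready to index into Elasticsearch."""
    return asdict(alert)
```

The point of the fixed record is the last function: whatever the sensor, `to_event()` yields the same key set, so a single Kibana dashboard or search (`source_ip:192.0.2.100`) covers OSSEC and Snort alike. Anything a source has that the model does not is kept under `additional` rather than dropped, which is what you want when a rule later turns out to need it.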
