Saturday, September 27, 2008

Snort Report 19 Posted

My 19th Snort Report titled Using SnortSP and Snort 2.8.2 has been posted. From the article:

Solution provider takeaway: Solution providers will learn how to set up two Snort 3.0 beta components -- the Snort Security Platform (SnortSP) and the Snort 2.8.2 detection engine on the SnortSP.

In the last Snort Report, I discussed the architectural basics of Snort 3.0. The new Snort system consists of the Snort Security Platform (SnortSP) plus an assortment of engines. SnortSP is a foundation that provides traffic-inspection functions, like packet acquisition, traffic decoding, flow management and fragment reassembly. Each engine runs as a module on SnortSP. The first available module is a port of Snort 2.8.2 specifically for running on top of SnortSP.


I can never tell when SearchSecurity will post these articles... this one is dated 5 Sep but I just noticed it online.

2 comments:

Enrique Martin said...

Hi Richard:
Recently, I found a tool called Trisul Network [1] for network metering and forensics. Have you ever worked with this tool? Do you think it is useful for NSM? I know other similar commercial tools like Packeteer, but Trisul seems an interesting alternative in GPL environments.

http://www.unleashnetworks.com/trisul/doku.php

Best regards,
Enrique Martin.

Offshore Software Development India said...

Even I have heard about Trisul, but never used it. But I think it works well.