Snort Report 19 Posted

My 19th Snort Report, titled "Using SnortSP and Snort 2.8.2," has been posted. From the article:

Solution provider takeaway: Solution providers will learn how to set up two Snort 3.0 beta components -- the Snort Security Platform (SnortSP) and the Snort 2.8.2 detection engine on the SnortSP.

In the last Snort Report, I discussed the architectural basics of Snort 3.0. The new Snort system consists of the Snort Security Platform (SnortSP) plus an assortment of engines. SnortSP is a foundation that provides traffic-inspection functions, like packet acquisition, traffic decoding, flow management and fragment reassembly. Each engine runs as a module on SnortSP. The first available module is a port of Snort 2.8.2 specifically for running on top of SnortSP.


I can never tell when SearchSecurity will post these articles... this one is dated 5 Sep but I just noticed it online.

Comments

Anonymous said…
Hi Richard:
Recently, I found a tool called Trisul Network [1] for network metering and forensics. Have you ever worked with this tool? Do you think it is useful for NSM? I know other similar commercial tools like Packeteer, but Trisul seems an interesting alternative in GPL environments.

http://www.unleashnetworks.com/trisul/doku.php

Best regards,
Enrique Martin.

Anonymous said…
Even I have heard about Trisul, but never used it. But I think it works well.
