Comments on TaoSecurity Blog: Security Onion + (ELSA or Snorby) + CapMe = Awesome

Richard Bejtlich, 2016-08-16T10:06:07.142-04:00:

Please ask here:

https://groups.google.com/forum/#!forum/security-onion

Anonymous, 2016-08-12T21:10:18.574-04:00:

I know this is an old thread but I am spinning in circles creating a project plan for an Enterprise Security solution and could use some help. What is the actual tool that will be capturing and storing the pcaps? Is CapMe simply a plugin to integrate the pcap accessibility to ELSA or Bro?

Erik H (http://www.netresec.com), 2013-01-24T08:13:03.765-05:00:

An alternative to CapMe (or tcpflow or Wireshark's Follow TCP stream for that matter) is to use CapLoader's Transcript feature (http://netresec.com/?b=13135F8). I believe CapLoader will be faster than the others when dealing with large captures.