[Bro] [Fwd: Re: snort tamandua or prelude ids plus bro?]

Christian Kreibich christian at whoop.org
Fri Aug 6 14:34:40 PDT 2004


Hey,

a bit of motivation to get the documentation up to speed :)

Cheers,
Christian.

-----Forwarded Message-----
> From: Lee Sheng <momosisco at hotmail.com>
> To: focus-ids at securityfocus.com
> Subject: Re: snort tamandua or prelude ids plus bro?
> Date: Fri, 06 Aug 2004 22:46:53 +0800
> 
> rmkml,
> 
> Actually I'm thinking of adding Bro too, but the thing is the lack of
> documentation on Bro. Can you point me to where I can find useful
> whitepapers or guides on deploying Bro, because I've got no time to start
> everything from scratch?
> 
> Thanks.
> 
> 
> Regards,
> Lee
> 
> 
> >From: rmkml <rmkml at wanadoo.fr>
> >To: Lee Sheng <momosisco at hotmail.com>
> >Subject: Re: snort tamandua or prelude ids
> >Date: Fri, 6 Aug 2004 16:32:49 +0200 (CEST)
> >
> >Hi Lee,
> >
> >Add Bro as a possible choice?
> >
> >Regards
> >
> >Rmkml at Wanadoo.fr
> >
> >
> >On Fri, 6 Aug 2004, Lee Sheng wrote:
> >
> >>Date: Fri, 06 Aug 2004 18:37:16 +0800
> >>From: Lee Sheng <momosisco at hotmail.com>
> >>To: focus-ids at securityfocus.com
> >>Subject: snort tamandua or prelude ids
> >>
> >>All,
> >>
> >>Thanks to all of you who have answered my question, it's so nice to get so
> >>many suggestions and help from the community.
> >>
> >>My other question: no doubt Snort is one of the best IDSes compared
> >>to other IDSes. However, I'm really interested in the tamandua ids, which
> >>implements a boolean layer to detect the pattern of the attack (fewer
> >>false positives). Does anyone have experience in deploying tamandua ids? I
> >>would like to know whether tamandua ids is still active or the development
> >>of tamandua ids is already dead. If you have experience deploying it,
> >>hopefully you guys can share your experience with me. Then about the prelude
> >>IDS: prelude ids seems very complicated and I'm still not sure where to
> >>start. Does anyone have any ideas, because I'm still in the process of thinking
> >>about which ids to deploy for the company. Snort, tamandua or prelude?
> >>Prelude seems more in depth on tracking what the attacker tries to do, with HIDS
> >>as well. I have one and a half years of experience in snort (not in transparent
> >>mode of course). If I want to save my time, sure I will choose snort;
> >>however, I would like to hear from you all. Thanks again.
> >>
> >>
> >>Regards,
> >>Lee
> >>
-- 
________________________________________________________________________
                                          http://www.cl.cam.ac.uk/~cpk25
                                                    http://www.whoop.org




