RE: Snortcenter, Prelude-IDS - How does it compare to Sguil?

From: Hazel, Scott A. (Scott.Hazel_at_unisys.com)
Date: 08/29/05

    Date: Mon, 29 Aug 2005 02:07:17 -0400
    To: <focus-ids@securityfocus.com>
    
    

    I have not tried Prelude yet but I'm curious to know how it compares to Sguil. From your description below it seems they fill the same role as the analyst's console. Has anyone compared them? Thanks.

    Scott Hazel

    -----Original Message-----
    From: Cedric Foll [mailto:cedric.foll@ac-rouen.fr]
    Sent: Tuesday, August 16, 2005 4:23 AM
    To: Sven Müller
    Cc: focus-ids@securityfocus.com
    Subject: Re: Snortcenter, Prelude-IDS

    Hi,

    >
    > Do you have any experiences with Prelude?
    >

    I have used it for several months and I'm really happy with it.

    If you only want to use snort (it's what I do), this is the idea:
    You install several snort v2.4.0. This version is able to send reports to a prelude manager.
    Then you install a prelude-manager and configure all your snorts to report their alerts there. It's very easy and secure (SSL protocol with host and server auth via a pre-shared key).
    So you centralize all your alerts and you can visualize them via prewikka, a very nice web-based application.

    Furthermore, the ml is very responsive, the team is helpful and kind.

    Regards.

    --
    Cedric Foll
    Security & Network Engineer
    Division Informatique, Rectorat de Rouen
    "More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk."
    Bruce Schneier