June 12th, 2003 12:16 AM
I need to set up an IDS for a new company. I've pretty much come to the conclusion that Sourcefire's Management console is a pathetic front end. I've been looking over a few others and I came across PureSecure, which seems to use a modified snort for NID and has all the HID I need. The front end is amazing, which is exactly what I need. Any comments on this or recommendations?
That which does not kill me makes me stronger -- Friedrich Nietzsche
June 12th, 2003 04:01 AM
Personally, I have used Sourcefire's MC, seen/heard PureSecure. As far as usability is concerned, I guess it would be up to the administrator. We're looking into Cisco IDS product, but I'm still pushing for snort box. You might want to check out icsalabs list for comment also.
June 12th, 2003 05:02 AM
I use PureSecure and like it very much. The only thing to keep in mind is that you access it by accessing an exe file through explorer and ISS (on win2k). This means that you have to be pretty careful. In particular, if you are running URLScan on that computer you can't block exe's as a class because URLScan isn't smart enough to allow a particular exe and no other. Depending on where you want to install it and the overall architecture of your net you can leave a modest hole if you don't think about it carefully.