January 5th, 2005, 07:45 PM
Snort and Sourcefire
I apologise if this question has already been asked.
I have several questions; I hope people can answer them.
1. There is Snort and Sourcefire. Sourcefire utilises Snort as the basis for its applications. What I want to know is what changes/enhancements does the IDS offered at Sourcefire have over the free Snort offered at Snort.com?
2. Has anyone used Prelude IDS? If so, what comments do you have on it? Also, how does it compare to Snort?
January 5th, 2005, 08:51 PM
These questions would be best answered by viewing the product's website. They will usually have a reason or FAQ on what differs from their product and another.
From what I gather it looks like Sourcefire is an actual system you place on your network, whereas Snort is simply a program. Here's a bit from the site.
Today: The Best of Both Worlds
Today, Sourcefire combines the very best of open source with the best of the commercial world.
Leveraging the power and reach of the open source Snort rules-based detection engine, Sourcefire adds a critical layer of asset and behavioral profiling. Sourcefire’s RNA (Real-time Network Awareness) maintains a persistent profile of a network and its assets. Using passive discovery methods, RNA adds a new level of visibility and intelligence.
Sourcefire products are easy to use, out of the box, tuned and fully loaded, plug-n-protect appliances, with pre-optimized hardware and OS. Building on the proven, time-tested Snort intrusion detection engine, Sourcefire brings a new generation of the first ever unified intrusion and vulnerability management technologies to enterprises from manufacturing to the military.
These include Sourcefire Intrusion Agents™ for Snort, commercial appliance versions based on Snort code, designed to make it easy for open source Snort users to fully capitalize on their investment in all open source Snort deployments.
In addition, the Sourcefire Vulnerability Research Team (VRT), joined by the eyes and ears of the vast open source Snort community put the largest brain trust in network security at work for every Sourcefire customer.
As part of an ongoing dedication and active involvement in the community, Sourcefire continues to enhance Snort. For example, the Sourcefire Security Education Program is a comprehensive certified training program. Delivered direct from the creators of Snort, users will learn the latest real world tools and techniques for optimizing Snort technology and all Sourcefire products.
Sourcefire will continue to enhance open source as well as commercial versions. The result is a win-win for bringing truly effective network security for the real world.
What's a "START" button?
January 5th, 2005, 08:58 PM
I have spoken with them at great length over the past year. They sell "ready made" boxes that you don't need to configure and the boxes are updated by their team, such as Snort signatures. Just like your antivirus software. They include decent monitoring tools or you can pay them to do it. It's a Snort IDS you don't have to build. They take care of the OS, database, reporting system and configuration.
//EDIT Oops, just like spazz mentioned. They also have classes on how to use the appliance.
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
January 6th, 2005, 01:40 AM
mooret, this may confuse you slightly more, but there are a lot more programs that will read your Snort logs and parse them just as Sourcefire does.
So try checking Snort's website (as spazzmatrix mentioned); they probably have a forum or newsgroup, or even check out #snort on freenode, I think.