Snort is a fantastic detection engine, but interpreting its default output (text files of alerts and libpcap traces of the offending packets) is not for the faint of heart. I recommend that anyone who wants to fully leverage Snort investigate a Snort add-on such as Bamm Visscher's Sguil suite. Sguil is an interface to Snort alerts, but it supplements those alerts with session data collected by John Curry's SANCP program and full-content data collected from a variety of sources. Once you've tried Sguil, you will wonder how you ever detected and responded to intrusions without it.
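To make the "alerts plus session data" idea concrete, here is an added example (not code from the article, Snort, SANCP or Sguil) that parses Snort's default alert_fast text lines and attaches to each alert the session record whose 5-tuple and time window it falls in. The alert lines and session records are constructed sample data, and the session field layout is an assumption for the example rather than SANCP's real format.

```python
# Added example (not from the article, Snort, SANCP or Sguil): parse Snort
# alert_fast lines and attach the session (flow) record each alert fell in.
import re
from datetime import datetime
TS_FMT = "%m/%d-%H:%M:%S"  # alert_fast timestamps carry no year
# Constructed sample alert_fast lines (Snort's default text alert format).
SNORT_ALERTS = """\
03/14-10:22:15.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.80:80 -> 198.51.100.7:41234
03/14-10:22:40.000001  [**] [1:1000001:1] LOCAL test rule [**] [Priority: 3] {UDP} 198.51.100.7:5353 -> 203.0.113.9:53
"""
# Constructed session records standing in for SANCP output; the layout (start, end,
# proto, src, sport, dst, dport, bytes_to_dst, bytes_to_src) is assumed, not SANCP's.
SESSIONS = [
    ("03/14-10:22:10", "03/14-10:22:18", "TCP", "198.51.100.7", 41234, "192.0.2.80", 80, 412, 9871),
    ("03/14-10:20:00", "03/14-10:21:00", "TCP", "198.51.100.7", 41000, "192.0.2.80", 80, 300, 1200),
]
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?\[Priority:\s*(?P<pri>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse_alerts(text):
    """Parse alert_fast lines; lines without ports (e.g. ICMP) do not match and are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            a = m.groupdict()
            for k in ("gid", "sid", "rev", "pri", "sport", "dport"):
                a[k] = int(a[k])
            a["time"] = datetime.strptime(a["ts"], TS_FMT)
            alerts.append(a)
    return alerts

def find_session(alert, sessions):
    """Return the session whose 5-tuple (either direction) spans the alert time, else None."""
    tup = (alert["src"], alert["sport"], alert["dst"], alert["dport"])
    for s in sessions:
        start, end, proto, src, sport, dst, dport = s[:7]
        t0, t1 = (datetime.strptime(x, TS_FMT) for x in (start, end))
        same_flow = tup in ((src, sport, dst, dport), (dst, dport, src, sport))
        if proto == alert["proto"] and same_flow and t0 <= alert["time"] <= t1:
            return s
    return None

def correlate(alerts, sessions):
    """Pair each alert with its session record (None when no flow data covers it)."""
    return [(a, find_session(a, sessions)) for a in alerts]
```

The second alert pairs with no session, which is exactly the gap an analyst is left with when only the alert file is available.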