snort-users May 2009 archive

Re: [Snort-users] Combine NIDS with HIDS

From: Stephen Mullins <steve.mullins.work_at_nospam>
Date: Sat May 30 2009 - 17:32:15 GMT
To: omar hussein <omar811128@gmail.com>


You can use Snort in conjunction with a HIDS. In terms of aggregating the data, I think you would use an SIEM (Security Information and Event Manager), like ArcSight, and have feeds from both Snort and your HIDS into it.

I don't think using a NIDS to cross-check or verify HIDS alerts is practical. I think the way to check a HIDS alarm is to remote into the system and check the file system etc.

You could use the HIDS to cross-check NIDS alerts though, and that would make sense to me.

Steve Mullins

On Sat, May 30, 2009 at 11:46 AM, omar hussein <omar811128@gmail.com> wrote:
> Hello gentlemen,
>
> I was wondering about the ability to combine SNORT, which is a NIDS, with HIDS
> software, and make both work on the same system?
>
>
>
> And is this going to be useful and provide more security? I'm sure that will
> depend on the mechanism that both pieces of software are going to use in order to
> cooperate with each other. Like using the alarms resulting from one
> software (like HIDS) and checking them again by NIDS or vice versa.
> Kindest Regards
> Omar
> MSc Wireless Communications systems
> London
>
>
>
> ------------------------------------------------------------------------------
> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> is a gathering of tech-side developers & brand creativity professionals.
> Meet
> the minds behind Google Creative Lab, Visual Complexity, Processing, &
> iPhoneDevCamp as they present alongside digital heavyweights like Barbarian
> Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
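
The cross-check suggested in the reply (using HIDS events to corroborate NIDS alerts) can be sketched as below; this is an added example, not code from the thread or from the Snort project. It assumes Snort's "fast" alert output, a hypothetical HIDS export of (timestamp, host IP, event) tuples, and a five-minute correlation window; all sample data is constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (not from the thread). Snort "fast" alert lines:
SNORT_ALERTS = """\
05/30-17:30:02.114201  [**] [1:1000001:1] Constructed sample: web exploit attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51514 -> 192.0.2.10:80
05/30-17:31:40.900312  [**] [1:1000002:1] Constructed sample: SSH brute force [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.9:40022 -> 192.0.2.20:22
"""

# Hypothetical HIDS export: (timestamp, host IP, event). Real HIDS formats differ.
HIDS_EVENTS = [
    ("05/30-17:30:45", "192.0.2.10", "integrity checksum changed: /var/www/index.php"),
    ("05/30-17:55:00", "192.0.2.20", "integrity checksum changed: /etc/motd"),
]

FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$"
)

def parse_ts(text, year=2009):
    # Fast alerts carry no year, so one is assumed here.
    return datetime.strptime(f"{year}/{text}", "%Y/%m/%d-%H:%M:%S")

def parse_snort_fast(text):
    alerts = []
    for line in text.splitlines():
        m = FAST_RE.match(line)
        if m:  # skip lines that are not fast-format alerts
            alerts.append({**m.groupdict(), "time": parse_ts(m["ts"])})
    return alerts

def cross_check(alerts, hids_events, window=timedelta(minutes=5)):
    """For each NIDS alert, list HIDS events on the targeted host that
    occur within `window` after the alert."""
    results = []
    for a in alerts:
        hits = [e for ts, host, e in hids_events
                if host == a["dst"]
                and timedelta(0) <= parse_ts(ts) - a["time"] <= window]
        status = "corroborated" if hits else "unconfirmed"
        results.append((a["sid"], a["dst"], status, hits))
    return results

if __name__ == "__main__":
    for row in cross_check(parse_snort_fast(SNORT_ALERTS), HIDS_EVENTS):
        print(row)
```

An "unconfirmed" result only means the HIDS logged nothing on that host in the window, so the alert still needs triage.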


