NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Snort and FW-1 .. feasible?



On Wed, 13 Dec 2000, Imre Kertesz wrote:

> I am interested in the process by which intrusion detection products
> such as RealSecure dynamically push rules to FW-1.  I want to use other
> intrusion detection apps, such as Snort, to work with FW-1 in the same
> capacity. I assume that this will involve getting the interface API and
> coding some custom linking apps. Is there an easier way to do this?

Much easier, just integrate the use of SAM.  I've created a FW-1 script
that does just this, http://www.enteract.com/~lspitz/intrusion.html.

With snort, one of the things you can have it do is log alerts to
a log file, such as /var/adm/messages.  Then have swatch monitor
the alerts and call on SAM when a specific signature(s) are met.

hope that helps

lance



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.