Re: [FW1] Snort and FW-1 .. feasible?
On Wed, 13 Dec 2000, Imre Kertesz wrote:

> I am interested in the process by which intrusion detection products
> such as RealSecure dynamically push rules to FW-1. I want to use other
> intrusion detection apps, such as Snort, to work with FW-1 in the same
> capacity. I assume that this will involve getting the interface API and
> coding some custom linking apps. Is there an easier way to do this?

Much easier, just integrate the use of SAM. I've created a FW-1 script that does just this, http://www.enteract.com/~lspitz/intrusion.html.

With snort, one of the things you can have it do is log alerts to a log file, such as /var/adm/messages. Then have swatch monitor the alerts and call on SAM when a specific signature(s) are met.

hope that helps

lance
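The log-watch-then-SAM flow described in the reply above, as an added example (not part of the original message, and not Lance's script or Check Point code). It reads Snort alerts from syslog text and builds one block command per offending source without executing it. The syslog line format, the SIDs, the protected networks and the `fw sam -t <timeout> -i src <ip>` invocation are assumptions to check against your Snort and FW-1 versions.

```python
import ipaddress
import re

# Constructed sample syslog lines (not real traffic); alert layout is an assumption.
SAMPLE_LOG = """\
Dec 13 10:15:01 ids snort[411]: [1:1000001:1] WEB-IIS cmd.exe access [Priority: 1] {TCP} 203.0.113.7:4321 -> 192.0.2.10:80
Dec 13 10:15:02 ids snort[411]: [1:1000001:1] WEB-IIS cmd.exe access [Priority: 1] {TCP} 203.0.113.7:4322 -> 192.0.2.10:80
Dec 13 10:15:09 ids snort[411]: [1:1000002:1] ICMP Large Packet [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10
Dec 13 10:15:12 ids snort[411]: [1:1000001:1] WEB-IIS cmd.exe access [Priority: 1] {TCP} 192.0.2.1:5555 -> 192.0.2.10:80
Dec 13 10:15:20 ids sshd[99]: snort: fake {TCP} 203.0.113.99:1 -> 192.0.2.10:22
"""

# Anchor on the syslog prefix so only lines written by the snort process match.
ALERT = re.compile(
    r"^\w{3} +\d+ [\d:]{8} \S+ snort(?:\[\d+\])?: \[\d+:(?P<sid>\d+):\d+\] .*"
    r"\{\w+\} (?P<src>[0-9.]+)(?::\d+)? -> [0-9.]+(?::\d+)?\s*$"
)

BLOCK_SIDS = {"1000001"}  # hypothetical signature IDs that justify a block
# Sources that must never be blocked (own networks, gateway, DNS): spoofed
# packets could otherwise turn the automatic response into a self-inflicted outage.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "127.0.0.0/8")]
TIMEOUT = 600  # seconds; a timed block expires on its own after a false positive


def sam_commands(log_text, sids=BLOCK_SIDS, protected=NEVER_BLOCK, timeout=TIMEOUT):
    """Return one SAM command (argv list) per offending source; nothing is run."""
    seen, commands = set(), []
    for line in log_text.splitlines():
        m = ALERT.match(line)
        if not m or m["sid"] not in sids:
            continue
        try:
            src = ipaddress.ip_address(m["src"])  # rejects values like 999.1.1.1
        except ValueError:
            continue
        if src in seen or any(src in net for net in protected):
            continue
        seen.add(src)
        # Assumed SAM syntax: -t timeout, -i inhibit connections from "src <ip>".
        commands.append(["fw", "sam", "-t", str(timeout), "-i", "src", str(src)])
    return commands


if __name__ == "__main__":
    for argv in sam_commands(SAMPLE_LOG):
        print(" ".join(argv))
```

Keeping the command as an argv list rather than a shell string means the address parsed from the log is never interpreted by a shell if the list is later handed to `subprocess.run`.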