From: Roberto C. <rob...@gm...> - 2014-09-26 13:06:40

Dear,

I have installed Security Onion but it's possible to use it as an IDS, not an IPS. Now I'm looking for open source software that lets me set it up as an IPS, in an easy way. I've read about Smooth-sec but I can't understand the way to turn it into an IPS.

Please can you tell me if it's possible to use Smooth-sec as a robust IPS, and if it's possible to manage some functions or view events in the web console?

Thanks a lot,
Roberto

From: jeffrey b. <sha...@ya...> - 2012-10-04 19:38:49

Hi,

Kindly send me tips or a tutorial regarding smooth-sec and suricata.

Thanks

From: David M. <dav...@jp...> - 2012-08-01 17:11:46

Hi,

I just got smoothsec installed today. Very straightforward install except for requiring firmware to load the Broadcom NIC.

Anyway, I haven't really touched the config, but I'm getting lots of alerts that look like:

Snort Alert [1:2210020:0]

Thinking the 2210020 bit was a Snort ID, I tried clicking on "Query Signature Database" but that came back with no results and I can't find a reference to it in the .map files.

Am I missing something obvious? Any help would be appreciated.

David

From: <ph...@ba...> - 2012-07-29 22:08:13

Today I'm pleased to announce the long-awaited release of Smooth-Sec 64bit edition. This new version brings substantial improvements in terms of high performance with the adoption of the 64bit Debian GNU/Linux operating system.

Smooth-Sec 64bit edition features:

Operating system: Debian 6.0 squeeze 64-bit
IDS: Suricata 1.3 stable
WEB Console: Snorby 2.5.1
Database: MariaDB 5.5.25
Log interpreter: Barnyard2 2.1.10-beta2
Web framework: nginx/0.8.54 - passenger-3.0.4

ISO Download: http://bailey.st/downloads/SmoothSec/SmoothSec-2.0-amd64.iso
md5sum file: http://bailey.st/downloads/SmoothSec/SmoothSec-2.0-amd64.iso.txt

I hope you enjoy it,
Phillip

--
www.bailey.st
IM: p0b...@ja...

From: <ph...@ba...> - 2012-02-15 17:38:26

On 02/14/2012 04:55 PM, Joseph Spenner wrote:
> Hello, I'm just getting started and have a few questions.
>
> 1) Snorby itself, as presented on http://www.snorby.org/ looks a lot
> like Smooth-Sec, as presented on http://bailey.st/blog/smooth-sec/
> What is the difference between these 2 ISO images?

Insta-Snorby is equipped with Snort as IDS/IPS engine, Smooth-Sec uses Suricata as IDS/IPS engine.

>
> 2) I read on the Snorby site that it interfaces with Snort, Suricata,
> and Sagan. Does this mean I can use the snort rules I get from my
> oinkmaster code? Advantages/disadvantages over using the Emerging Rules
> file which appears to be part of the Smooth-Sec distro?

Suricata supports Snort rules as well. Snorby is the web interface, and can be plugged into any IDS/HBIDS that is compatible with the Snort standard. Using Snort or Suricata is a matter of taste.

>
> 3) How often is that file,
> http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
> updated, generally?

The rules are updated on a daily basis.

>
> 4) I saw something called "Insta Snorby". Anyone know much about this?
> http://www.turnkeylinux.org/forum/general/20101206/insta-snorby-official-snort-snorby-turn-key-solution

If you want to use snort, go ahead with Insta-Snorby.

> 5) I've had my Smooth-Sec up and running for nearly a day. I'm not
> seeing anything on the Dashboard (all 3 are zero), but in the right
> column under the "Last 5 Unique Events", I see items in the ET Policy
> sections:
> 30 of "ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)", with a
> red 1 (High Severity)
> 1 of "ET POLICY Suspicious inbound to Oracle SQL port 1521", with a
> yellow 2 (Medium Severity)
> Why don't these show up in the main screen area of the Dashboard?
>

Check if the Snorby worker is working and caching the events. If the Worker doesn't show up, you can start it manually with the script /root/script.utils/StartWorker

> Any help would be great.
>
> Thanks!

Peace,
Phillip

--
www.bailey.st
IM: p0b...@ja...

From: Joseph S. <jos...@ya...> - 2012-02-14 15:55:35

Hello, I'm just getting started and have a few questions.

1) Snorby itself, as presented on http://www.snorby.org/ looks a lot like Smooth-Sec, as presented on http://bailey.st/blog/smooth-sec/ What is the difference between these 2 ISO images?

2) I read on the Snorby site that it interfaces with Snort, Suricata, and Sagan. Does this mean I can use the snort rules I get from my oinkmaster code? Advantages/disadvantages over using the Emerging Rules file which appears to be part of the Smooth-Sec distro?

3) How often is that file, http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz updated, generally?

4) I saw something called "Insta Snorby". Anyone know much about this?
http://www.turnkeylinux.org/forum/general/20101206/insta-snorby-official-snort-snorby-turn-key-solution

5) I've had my Smooth-Sec up and running for nearly a day. I'm not seeing anything on the Dashboard (all 3 are zero), but in the right column under the "Last 5 Unique Events", I see items in the ET Policy sections:
30 of "ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)", with a red 1 (High Severity)
1 of "ET POLICY Suspicious inbound to Oracle SQL port 1521", with a yellow 2 (Medium Severity)
Why don't these show up in the main screen area of the Dashboard?

Any help would be great.

Thanks!

If life gives you lemons, keep them-- because hey.. free lemons.

From: <ph...@ba...> - 2011-12-11 13:41:05

Hi Tulio,

can you add a few more details of which kind of signature you'd like to import?

Phillip

On 12/09/2011 09:41 PM, Tulio Souza wrote:
> Hello, Team
>
> In smoothsec, is it possible to import the signatures of some antivirus?
>
> Best Regards
>
> Tulio

--
www.bailey.st
IM: p0b...@ja...

From: Tulio S. <tg...@uo...> - 2011-12-09 20:42:08

Hello, Team

In smoothsec, is it possible to import the signatures of some antivirus?

Best Regards

Tulio