Using BASE - post incident

  • rmoore

    rmoore - 2009-07-04

    I am interested in using BASE to analyze pcap files post-incident instead of as a sensor. I have been working on using Snort to replay the pcap file and log it to the appropriate database, without success. If someone has worked through this and would be willing to share their experience, I would appreciate it.

    • Kevin Johnson

      Kevin Johnson - 2009-07-05

      What error are you getting with Snort?  If Snort is told to read the files and alert based on its rules to a DB, this should work fine.


