[Smoothsec-talk] Few new installation questions about Smooth Sec Snorby
IDS/IPS Linux distribution.
From: Joseph S. <jos...@ya...> - 2012-02-14 15:55:35
Hello, I'm just getting started and have a few questions.

1) Snorby itself, as presented on http://www.snorby.org/, looks a lot like Smooth-Sec, as presented on http://bailey.st/blog/smooth-sec/. What is the difference between these 2 ISO images?

2) I read on the Snorby site that it interfaces with Snort, Suricata, and Sagan. Does this mean I can use the snort rules I get from my oinkmaster code? Advantages/disadvantages over using the Emerging Rules file which appears to be part of the Smooth-Sec distro?

3) How often is that file, http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz, updated, generally?

4) I saw something called "Insta Snorby". Anyone know much about this? http://www.turnkeylinux.org/forum/general/20101206/insta-snorby-official-snort-snorby-turn-key-solution

5) I've had my Smooth-Sec up and running for nearly a day. I'm not seeing anything on the Dashboard (all 3 are zero), but in the right column under the "Last 5 Unique Events", I see items in the ET Policy sections:

- 30 of "ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)", with a red 1 (High Severity)
- 1 of "ET POLICY Suspicious inbound to Oracle SQL port 1521", with a yellow 2 (Medium Severity)

Why don't these show up in the main screen area of the Dashboard?

Any help would be great. Thanks!

If life gives you lemons, keep them-- because hey.. free lemons.