Questions tagged [intrusion-detection]

137 questions
0 votes, 1 answer

what is the difference between snort alert and snort log rule action?

[] [1:2002973:1] Sample alert [] - Alert Message msg "sample message" - Log Message Both are messages. What is the difference between these messages?
Lakshmi Balan
  • 198
  • 12
0 votes, 0 answers

Indoor-based intrusion detection

I am working on an indoor-based intrusion detection on continuous image dump implementation using OpenCV. I have to detect an intrusion in the perimeter set by the user. I have implemented the UI for the user to set the perimeter (simple rectangle drawn by…
0 votes, 1 answer

Error setting up OSSEC HIDS with PostgreSQL on Debian 8

I am trying to install OSSEC HIDS on my server with Database Support (have done it before with mail notifications). I already have PostgreSQL with other databases in it, but when I try to compile OSSEC with Database Support (like in this guide:…
Auyer
  • 2,693
  • 3
  • 15
  • 32
0 votes, 1 answer

Suricata Windows inline mode

I'm setting up Suricata on Windows. I can test the inline mode, but when I try to put it in inline mode so I can drop instead of alert, the problem is I get the error: cannot find the NF Queue. I first tried the automatic installation, but this way…
laurensp
  • 23
  • 4
0 votes, 2 answers

Exception in thread "main"

I'm getting Exception in thread "main" java.lang.Error: Unresolved compilation. What am I doing wrong? public class idsbasedagent{ JDCaptor captor ; public idsbasedagent(){ captor=new JDCaptor(); } public static void…
Mohssine
  • 21
  • 3
0 votes, 0 answers

Open-source lightweight HIDS for use on production servers

Requirement: I want to secure my production VMs on AWS. These VMs host critical web applications and can see around 500 Mbps of traffic during peak hours. I am already using the mod_security WAF but I am not very happy with it. Here is what I am…
Iornman l
  • 21
  • 1
  • 5
0 votes, 0 answers

Problems with launching a VM in OpenStack

I am trying to launch an instance in OpenStack. Instance: SecurityOnion.iso; Flavor: 14 GB RAM; Root disk: 20 GB; vCPUs: 5; Host RAM: 20 GB; Host OS: CentOS 7. When the Xubuntu Security Onion console shows up after I launch the instance on the…
0 votes, 1 answer

Can pattern matching go across TCP packets?

I am new to intrusion detection systems. From what I know, it seems the pattern matching (e.g., PCRE in Snort) only searches for matches within a packet. Can pattern matching go across packets? In practice, do people care about cross-packet patterns?
JackWM
  • 10,085
  • 22
  • 65
  • 92
0 votes, 1 answer

Single OSSEC rule to suppress alert_by_email

I'm trying to suppress/ignore the alert_by_email option for every OSSEC rule. The documentation suggests the following: "Some rules have an option set to force OSSEC into sending an alert email. This option is alert_by_email. One of these rules is…
Corn
  • 47
  • 7
0 votes, 2 answers

barnyard2 for Snort: permission denied

I installed barnyard2 for Snort, but when I run the command below, this error appears. [root@localhost snort]# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort/ -f snort.log -w /etc/snort/bylog.waldo /etc/snort/gen-msg.map /etc/snort/sid-msg.map…
Mohamad
  • 33
  • 7
0 votes, 2 answers

What is the best way to enable different rules for different subnets in Snort?

We have Snort running on one of our servers, which has a network interface with a subnet configuration of 192.168.0.0/16. I want to enable a specific rule, for example a chat rule with sid:2002027, for 192.168.1.0/24, but I don't want the rule…
Alptugay
  • 1,676
  • 4
  • 22
  • 29
0 votes, 1 answer

Snort only alerting about the IP it's running on

I'm trying to set up a Snort IDS from my machine (openSUSE 13.1) to monitor the entire network. When I run Snort I am sniffing all the packets and monitoring all computers on the network, but I am only getting alerts for my machine. I want the alert…
dez
  • 56
  • 1
  • 6
0 votes, 1 answer

How do you get Suricata to work in IPS mode in Ubuntu?

I am trying to install Suricata in VMware Player, and when I try suricata -c /etc/suricata/suricata.yaml I get the error: [ERRORCODE: SC_ERR_CONF_YAML_ERROR(240)] - Failed to parse configuration line 382: did not find expected key any…
0 votes, 2 answers

How to send an OSSEC notification to an HTTP URL

Currently I see just email notifications, which can be sent for alerts in OSSEC. Is there any way to make an HTTP call in case of an alert?
GG.
  • 2,835
  • 5
  • 27
  • 34
0 votes, 1 answer

Snort can't find rule file

Running Snort 2.9.7.0 on the latest Arch Linux OS on a Raspberry Pi B+ model. I have tried to run Snort multiple times in NIDS mode: snort -dev -l log -h 192.168.1.0/24 -c snort.conf OR snort -c snort.conf -l /log -h 127.0.0.1/24 -s. I always get…