Question

I have to deploy a Snort based intrusion prevention system.

I am a total newbie in this, so any kind of help or references for starters would be highly appreciated.

Also, the Snort documentation talks about the Honeynet Snort Inline Toolkit, but the available link to it is returning 404. I checked on Honeynet but couldn't find it.

Also, I read in the documentation that custom plugins can be written for Snort too. Is there any Java library for that?

Please help.

Thanks in advance

Ashish


Solution

Plugins can only be developed in C as of now and are fairly undocumented. The SnortSP platform is supposed to make this easier. It's currently in beta and can be downloaded here.

Now, you don't mention why you would like to write a plugin; maybe all you need are rules that are thoroughly documented in the user manual. There are also tools that can output Snort rules from the logs of an attack, like Nebula.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow