This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Astaro IPS v.s Snort

Hi,

Recently I got few mysql attacks, and my internal IDS detected them and notified me, then I go back to check Astaro, there is nothing there.

My question:
1. Have anyone compare the IDS/IPS detection rate between Astaro and normal Snort IDS install?
2. How many rules included in Astaro compared with normal Snort install?

I have one IDS on Solaris 10, and using latest Snort and rule set. It seems like my IDS detect more. So far my Astaro only detected port scan and ICMP/UDP flood, but I turn on all rules so I expect that it can detect previous mysql attack.

Thanks,

Hsinan

This thread was automatically locked due to age.

Parents

0 BarryG over 15 years ago

Look at Astaro's 'Dashboard' when you first login to webadmin... mine says "Intrusion Prevention is active with 6217 of 8217 patterns".

Note that some rules are not included in Astaro due to high false-positive rates, etc.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 15 years ago

Look at Astaro's 'Dashboard' when you first login to webadmin... mine says "Intrusion Prevention is active with 6217 of 8217 patterns".

Note that some rules are not included in Astaro due to high false-positive rates, etc.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data