This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Making a Soltra box talk to Sophos UTM

Hi,

I am not sure how many of you are aware of the Stix & Taxii frameworks, but what I would love to do is to setup a Soltra www.soltra.com box that is setup to receive Intel-feeds and then feed that Intel to Sophos UTM.

I would have to convert the Stix dataset to something readable to Snort. But how easy would this be to setup with Sophos UTM?

Anyone has experience about feeding Snort inside Sophos UTM some data? Or some firewall rules in the UTM as well.

This thread was automatically locked due to age.

Parents

0 BarryG over 10 years ago

Snort is not designed to receive alerts from another system; snort looks at network traffic and creates its own alerts. There is no (report) format "readable to snort".

What you are looking for is a Security Information Management (SIM) system.
Look at Splunk, OSSIM (and maybe OSSEC), Loggly, ...

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 10 years ago

Snort is not designed to receive alerts from another system; snort looks at network traffic and creates its own alerts. There is no (report) format "readable to snort".

What you are looking for is a Security Information Management (SIM) system.
Look at Splunk, OSSIM (and maybe OSSEC), Loggly, ...

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data