|
META TOPICPARENT |
name="WebHome" |
Sagan "TODO" list.... |
|
< < | Snortsam support - Support Snortsam . Add the communications with Snortsam and the "fwsam:" flag, so triggered events can dynamically firewall off. Of course, this would only to be used with rule sets you know will give you valid source information. |
> > | Perfmon support - Which could be good for generating pretty pictures
Report non-reporting devices - Processors that sends an "alert" when it "sees" a device stop reporting for X amount of time.
More than average - Processor that alerts when an abnormal amount of alerts are being reported.
Snortsam support - Support Snortsam . Add the communications with Snortsam and the "fwsam:" flag, so triggered events can dynamically firewall off. Of course, this would only to be used with rule sets you know will give you valid source information. In version 0.2.1 |
|
$EXTERNAL_NET/$HOME_NET support - Maybe (?). Not sure if it'd be useful. |
|
Support Snort's Unified2 output - Support for Snort's 'Unified2' output format. This would allow programs like Barnyard2 to read/queue events which could then be fed to a database, other output formats, Sguil, etc. [Completed as of version 0.1.8] |
|
< < | Logzilla / php-syslog-ng output - Log Sagan events to the Logzilla/php-syslog-ng format. Should be easy to do, and give another type of console for viewing events. [Completed as of Sagan version 0.1.1 (?) ] |
> > | Logzilla / php-syslog-ng output - Log Sagan events to the Logzilla/php-syslog-ng format. Should be easy to do, and give another type of console for viewing events. [Completed as of Sagan version 0.1.1 (?) ] - Update: Support Dropped in version 0.1.9. |
|
Thresholding! - This is probably going to be a badly needed item. There's no sense in being flooding with the same information over and over again! [Completed as of version 0.1.7] (Has 'limit', but no 'threshold') |