SSIM 4.7 + Sourcefire eStreamer

Created: 13 Nov 2012 | 3 comments

Dorbian

Hi all,

I've been swapping the Snort Syslog connector for the Sourcefire eStreamer for our sourcefire environment.

My main reason is the collection of network packets from the IDS environment.
When looking into the events received, i don't see any network packet information, any of you have an idea how to get this done ?

Cheers,

-Sven

Discussion Filed Under:

Security, Symantec Security Information Manager, Configuring

Comments RSS Feed

Comments 3 Comments • Jump to latest comment

Laurent_c Symantec Employee Accredited

SSIM 4.7 + Sourcefire eStreamer - Comment:13 Nov 2012 : Link

The Source Fire collector doesn't collect the Data Payload if it is what you are looking for.

Dorbian

SSIM 4.7 + Sourcefire eStreamer - Comment:13 Nov 2012 : Link

Hi Laurent,

Thanks,

There is no way to configure the collector to get that data in one of the custom fields ?

Cheers,

-Sven

Laurent_c Symantec Employee Accredited

SSIM 4.7 + Sourcefire eStreamer - Comment:13 Nov 2012 : Link

Well this is how the collector was written. To be able to collect the payload, it will need to be changed (either code or/and sensor) to colelct payload from the sourcefire db.

This is a good enhancement request.

SSIM 4.7 + Sourcefire eStreamer

Comments 3 Comments • Jump to latest comment

Would you like to reply?

Links