It would be nice to have filters for other sources of data than Bro, Snort, and syslog. In the case of Snort, it would be nice if we could support other alert formats than "fast_alert". Other possible sources: Qualys, ArcSight, Apache, Windows Event, SNMP, Nagios, Splunk, OSSEC, Tripwire, SiLK / NetFlow