Snort is Tweeting

Network engineer Leon Ward of Sourcefire has taken the unusual step of publishing his intrusion detection system (IDS) alerts over Twitter, the popular microblogging platform. If you are so inclined, you can monitor his IDS along with your own by following @SnortIDS on Twitter.

Snort is on Twitter

Thus far the account has the distinction of being mentioned (tweeted and retweeted) 10 times on Twitter while still being followed by only 5 people :). This is probably a reflection of the real-life problem of getting people to review and respond to IDS alerts.

Many firms consider intrusion alerts confidential data, right alongside vulnerability and security test data. IDS logs contain information about internal hosts and, if the IDS is properly tuned (a big if), can be used to discern which signatures a firm is most interested in, potentially because it is aware of vulnerable systems downstream. Ward has partially mitigated this concern by scrubbing information about his internal hosts from the tweet stream.
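A sketch of that scrubbing step, added here as an illustration (it is not Ward's code or TweetYard's): it parses lines in Snort's "fast" alert format, replaces any endpoint inside the sensor's own networks with a placeholder, and drops anything it cannot parse. The network list (standing in for `HOME_NET`), the placeholder tokens, the function names and the 140-character limit are assumptions.

```python
import ipaddress
import re

# Assumption: the networks treated as internal (the sensor's HOME_NET).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in Snort's "fast" alert format (not real alerts).
SAMPLE_ALERTS = [
    "08/28-12:34:56.789012  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] "
    "[Classification: Misc Attack] [Priority: 2] {UDP} 203.0.113.5:4321 -> 10.1.2.3:1434",
    "08/28-12:35:01.000001  [**] [1:469:3] ICMP PING NMAP [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.168.10.7 -> 198.51.100.9",
]

FAST_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)


def scrub_endpoint(endpoint):
    """Hide internal IPv4 endpoints; pass external ones through unchanged."""
    host, _, _port = endpoint.partition(":")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "[redacted]"  # fail closed on anything that is not a plain IPv4 host
    if any(addr in net for net in INTERNAL_NETS):
        return "[internal]"  # the port is dropped too: it hints at the service
    return endpoint


def to_tweet(line, limit=140):
    """Return a publishable summary of one alert, or None if it cannot be parsed."""
    m = FAST_RE.search(line)
    if m is None:
        return None  # unparsed lines are never published as-is
    text = "[{sid}] {msg} {{{proto}}} {src} -> {dst}".format(
        sid=m["sid"], msg=m["msg"], proto=m["proto"],
        src=scrub_endpoint(m["src"]), dst=scrub_endpoint(m["dst"]))
    return text[:limit]


if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        print(to_tweet(alert))
```

Note that the signature ID and message are still published, so this addresses only the internal-host half of the concern; which signatures fire remains visible to followers.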

Snort is the immensely popular open source network intrusion detection/prevention system originally written by Martin Roesch and maintained today by Sourcefire, the Columbia, Maryland security firm of which Roesch is CTO. There have been some 3 million downloads of the Snort IDS since inception.

Leon has stated that he will release his code in the next few weeks.

References

TweetYard – Sourcefire and Snort alerts to Twitter