Snort mailing list archives
RE: alarm levels assigned to Snort rules
From: "Kohlenberg, Toby" <toby.kohlenberg () intel com>
Date: Tue, 26 Jun 2001 12:39:46 -0700
I believe this is a planned (already exists?) feature for Snort 1.8. If you can't wait, you can try changing the messages to include a tag that defines the priority, then use swatch or logcheck to look for those tags in the alert or syslog files and respond in any way you like.

Toby
-----Original Message-----
From: tim.gray1 () firstunion com [mailto:tim.gray1 () firstunion com]
Sent: Tuesday, June 26, 2001 12:07 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] alarm levels assigned to Snort rules

Is there a utility or resource out there which somehow (maybe by creating custom ruletypes) generates alarm levels for different attacks? Let me explain more:

Say I want password-crack attack signatures to be considered a level 5 alarm, and if this signature is detected, it will execute a paging program and log the alarm to a database. If the attack signature is just an ftp attempt, I consider it a level 2 and I want to only log the attempt to a file.

If anyone can provide some help with this, that would be great.

Tim

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
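Added example, not part of the original messages and not Snort, swatch or logcheck code: a minimal watcher for the tag-and-scan approach described in the reply, applied to the two levels from the question (level 5 pages and logs to a database, lower levels go to a file). The `[LEVEL:n]` tag format, the sample syslog lines and the `pager` callable are assumptions made for illustration.

```python
import io
import re
import sqlite3

# Assumed convention: each rule's msg text carries a "[LEVEL:n]" tag.
TAG = re.compile(r"\[LEVEL:(\d+)\]")

# Constructed sample syslog lines (not real Snort output).
SAMPLE = """\
Jun 26 12:07:01 ids snort: [LEVEL:2] FTP login attempt: 192.0.2.10:1025 -> 192.0.2.20:21
Jun 26 12:07:09 ids snort: [LEVEL:5] password crack attempt: 192.0.2.10:1030 -> 192.0.2.20:23
Jun 26 12:07:15 ids snort: untagged alert: 192.0.2.11:4000 -> 192.0.2.20:80
"""

def level_of(line, default=0):
    """Return the tagged level; untagged lines get `default` so they are kept, not dropped."""
    m = TAG.search(line)
    return int(m.group(1)) if m else default

def dispatch(lines, db, log, pager, page_at=5):
    """Level >= page_at: insert into the database and page. Anything lower: append to the log."""
    counts = {"paged": 0, "logged": 0}
    db.execute("CREATE TABLE IF NOT EXISTS alarms (level INTEGER, line TEXT)")
    for line in lines:
        line = line.strip()
        if not line:
            continue
        level = level_of(line)
        if level >= page_at:
            # Parameterized insert: alert text is untrusted input.
            db.execute("INSERT INTO alarms VALUES (?, ?)", (level, line))
            pager(line)  # hypothetical hook; a real one should avoid passing the line through a shell
            counts["paged"] += 1
        else:
            log.write(f"{level} {line}\n")
            counts["logged"] += 1
    db.commit()
    return counts

def run_sample():
    """Run the dispatcher over SAMPLE with an in-memory database, log and pager."""
    db = sqlite3.connect(":memory:")
    log, pages = io.StringIO(), []
    counts = dispatch(SAMPLE.splitlines(), db, log, pages.append)
    rows = db.execute("SELECT level, line FROM alarms").fetchall()
    return counts, rows, log.getvalue(), pages

if __name__ == "__main__":
    print(run_sample())
```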