Detecting repeated web requests

["Sheahan, Paul" <Paul.Sheahan () priceline com>]

Hello,

 

I'd like to use Snort to do the following and wonder first of all, if it
is capable of doing so?

 

1.      If x number of repeated web requests (GETs) come in of the SAME
exact type in a short time period, (which wouldn't happen under normal
circumstances) then alert.
2.      Or if many web requests of ANY type come in a short time period
(indicating non-human activity), then alert.

 

 

Does anyone know if these types of checks are possible in Snort?

 

 

Thanks