Snort mailing list archives
Re: help with time in rules
From: JJC <cummingsj () gmail com>
Date: Tue, 6 Nov 2012 08:56:11 -0700
or detection rate On Tue, Nov 6, 2012 at 4:24 AM, evejou <girl () techn0ev3 net> wrote:
Yup. You're looking for the threshold keyword here: http://manual.snort.org/node35.html On Nov 6, 2012, at 4:01 AM, Jose A. <bromistamix () hotmail com> wrote: Hello! I have a question when i want to develop a rule in snort. It is possible to specify the time and the number of events in the rule? For example, create an alarm when the same event occurs within two minutes 10 times. Thanks! ------------------------------------------------------------------------------ LogMeIn Central: Instant, anywhere, Remote PC access and management. Stay in control, update software, and manage PCs from one command center Diagnose problems and improve visibility into emerging IT issues Automate, monitor and manage. Do more in less time with Central http://p.sf.net/sfu/logmein12331_d2d_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! ------------------------------------------------------------------------------ LogMeIn Central: Instant, anywhere, Remote PC access and management. Stay in control, update software, and manage PCs from one command center Diagnose problems and improve visibility into emerging IT issues Automate, monitor and manage. Do more in less time with Central http://p.sf.net/sfu/logmein12331_d2d _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ LogMeIn Central: Instant, anywhere, Remote PC access and management. Stay in control, update software, and manage PCs from one command center Diagnose problems and improve visibility into emerging IT issues Automate, monitor and manage. Do more in less time with Central http://p.sf.net/sfu/logmein12331_d2d
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- help with time in rules Jose A . (Nov 06)
- Re: help with time in rules evejou (Nov 06)
- Re: help with time in rules JJC (Nov 06)
- Re: help with time in rules waldo kitty (Nov 06)
- Re: help with time in rules evejou (Nov 06)