Snort mailing list archives
possible to tailor the SDF combination alert message, or override with custom rule?
From: Sean <sean.barmettler () gmail com>
Date: Mon, 15 Jun 2015 11:20:31 -0600
Preemptive apologies if this is answered elsewhere, as I didn't find it. Simple enough questions:

* Is it possible to tailor the equivalence of the "msg" portion of SDF output matches? I.e., "SDF Combination Alert [**] [Classification: Senstive Data]" should ideally be "alert: credit card transaction in clear text" or something more specific.
* Is it possible to override the SDF engine with a local rule? Thus far I've been unsuccessful with that using PCRE, exact match, content, etc.

Thanks in advance.

Sean
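As an added example, not part of Sean's post or of the Snort project's own documentation, this is the configuration a Snort 2.9.x deployment can use to get a specific message for sensitive-data hits: the sensitive_data preprocessor is enabled in snort.conf, and a local rule uses the sd_pattern rule option, which is the documented way to attach a custom msg to an SDF match (rules using sd_pattern must carry gid:138). The threshold, ports, sid values and the file names are assumptions for illustration; the classification.config remark is likewise an assumption to check against the installed file.

```snort
# snort.conf: enable the SDF preprocessor (values are illustrative).
# alert_threshold is the number of sensitive-data hits in one session
# before the generic gid 138 "combination alert" fires; mask_output
# replaces all but the last four digits of a match in the logged payload.
preprocessor sensitive_data: alert_threshold 25 mask_output

# local.rules: a rule with its own msg that drives the SDF engine directly.
# sd_pattern:<count>,<pattern> fires once <count> matches of the named
# pattern are seen in the inspected packet. Built-in patterns are
# credit_card, us_social, us_social_nodashes and email.
# sid 1000001 and the HTTP port are assumptions for this example.
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 \
    (msg:"Credit card number sent in clear text over HTTP"; \
    gid:138; sid:1000001; rev:1; \
    sd_pattern:1,credit_card; \
    classtype:sdf; metadata:service http;)

# Same idea for outbound mail; count 4 makes the rule fire only when
# several card numbers appear, which reduces noise from single test values.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 \
    (msg:"Multiple credit card numbers sent in clear text over SMTP"; \
    gid:138; sid:1000002; rev:1; \
    sd_pattern:4,credit_card; \
    classtype:sdf; metadata:service smtp;)

# classification.config (assumed): the "[Classification: ...]" text printed
# with an alert is the description field of the classtype line, e.g.
#   config classification: sdf,Senstive Data,2
# so that text is changed there, not in the rule itself.
```

The preprocessor's own generic events (the combination alert and the per-pattern alerts) are defined in the preproc_rules/sensitive-data.rules file that ships with Snort; the msg text of those gid 138 events comes from that file, so editing it there is the other place the wording can be adjusted. Either way, verify the result with snort -T against the local configuration before deploying the change.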
Current thread:
- possible to tailor the SDF combination alert message, or override with custom rule? Sean (Jun 15)
- Re: possible to tailor the SDF combination alert message, or override with custom rule? Al Lewis (allewi) (Jun 15)