Snort mailing list archives
Re: Alert aggregation
From: Russ <rucombs () cisco com>
Date: Mon, 18 Apr 2016 18:17:58 -0400
For a single Snort instance? Have a look at detection_filter or event_filter.
On 4/18/16 4:08 PM, Joel Esler (jesler) wrote:
Snort, no, not built in. The FirePOWER commercial product offered by Cisco does this automatically for you by default.

--
Joel Esler
Manager, Talos Group

On Apr 18, 2016, at 4:02 PM, Gurgen Hakobyan <hakobyan () outlook com> wrote:

Hello,

Does Snort have a mechanism to aggregate alerts globally? Like, let’s say, I want Snort to only alert me if there are a total of 100 alerts generated by one rule (one or many flows, I don’t care)?

Thanks,
Gurgen

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
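Added example, not part of any message in this thread and not Snort code: detection_filter and event_filter count per tracked address (track by_src or by_dst), so a total across all flows, as the original question asks, can be taken by post-processing the alert log. The script assumes alert_fast-style lines without a year; the function names, default thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# alert_fast line: "MM/DD-HH:MM:SS.uuuuuu  [**] [gid:sid:rev] msg [**] ..."
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]")

def parse_alert(line, year=2016):
    """Return (timestamp, (gid, sid), msg), or None for non-alert lines."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    # The timestamp carries no year; the caller supplies one (assumption).
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return ts, (int(m["gid"]), int(m["sid"])), m["msg"]

def aggregate(lines, count=100, seconds=60, year=2016):
    """Return one summary per rule each time `count` alerts fall within
    `seconds`, counted across all sources, destinations and flows."""
    window = timedelta(seconds=seconds)
    seen = defaultdict(deque)  # (gid, sid) -> timestamps still in the window
    out = []
    for line in lines:
        parsed = parse_alert(line, year)
        if parsed is None:
            continue
        ts, key, msg = parsed
        q = seen[key]
        q.append(ts)
        while ts - q[0] > window:  # drop hits older than the window
            q.popleft()
        if len(q) >= count:
            out.append({"gid": key[0], "sid": key[1], "msg": msg,
                        "count": len(q), "first": q[0], "last": ts})
            q.clear()  # fresh window, so one burst yields one summary
    return out

def sample_lines():
    """Constructed input: 100 hits on sid 1000001 from 100 hosts, 5 on 1000002."""
    lines = ["Commencing packet processing (constructed non-alert line)"]
    for i in range(100):
        lines.append(f"04/18-16:02:{i // 2:02d}.{i % 2 * 500000:06d}  [**] "
                     f"[1:1000001:1] Constructed rule A [**] [Priority: 2] "
                     f"{{TCP}} 10.0.0.{i + 1}:40000 -> 192.0.2.10:80")
    for i in range(5):
        lines.append(f"04/18-16:03:0{i}.000000  [**] [1:1000002:1] Constructed rule B [**]")
    return lines
```

Calling `aggregate(sample_lines())` returns a single summary for sid 1000001 even though every hit comes from a different source address.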
Current thread:
- Alert aggregation Gurgen Hakobyan (Apr 18)
- Re: Alert aggregation Joel Esler (jesler) (Apr 18)
- Re: Alert aggregation Russ (Apr 18)
- Re: Alert aggregation Joel Esler (jesler) (Apr 18)