Snort mailing list archives

Re: Alert aggregation


From: Russ <rucombs () cisco com>
Date: Mon, 18 Apr 2016 18:17:58 -0400

For a single Snort instance? Have a look at detection_filter or event_filter.

On 4/18/16 4:08 PM, Joel Esler (jesler) wrote:
Snort, no, not built in. The FirePOWER commercial product offered by Cisco does this automatically for you by default.


--
*Joel Esler*
Manager, Talos Group




On Apr 18, 2016, at 4:02 PM, Gurgen Hakobyan <hakobyan () outlook com> wrote:

Hello,

Does Snort have a mechanism to aggregate alerts globally? Like, let’s say, I want Snort to only alert me if there are a total of 100 alerts generated by one rule (one or many flows, I don’t care)?

Thanks,
Gurgen
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
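
Russ's pointer to detection_filter and event_filter, worked out as an added example that is not code from the thread or from the Snort project. It is written in Snort 2.9 syntax (the version current in 2016); the sid values, the "100 events in 60 seconds" numbers and the SSH rule are assumptions chosen for illustration.

```snort
# Added example, not from the thread. Snort 2.9-style configuration.
# Assumes: local.rules is included from snort.conf, threshold.conf is the
# file holding event_filter lines, and sids 1000001/1000002 are unused.

# Option 1: event_filter (post-detection, goes in threshold.conf).
# Applies to an existing rule, here gen_id 1 / sig_id 1000001 (assumed).
#   type both      -> one alert per 60 s window once 100 events from the
#                     same source IP have been seen; the rest of the window
#                     is suppressed. This is the closest match to "only tell
#                     me after 100 alerts".
#   type threshold -> would alert on every 100th event instead.
#   type limit     -> would alert on the first 100 and suppress the rest.
event_filter gen_id 1, sig_id 1000001, type both, track by_src, count 100, seconds 60

# Option 2: detection_filter (inside the rule, goes in local.rules).
# The rule generates no event at all until the same source IP has matched
# it 100 times within 60 s. After that it alerts on every further match
# until the window resets, so pair it with an event_filter of type limit
# if you want a single alert per window.
alert tcp any any -> $HOME_NET 22 (msg:"LOCAL SSH SYN burst from one source"; flags:S; detection_filter:track by_src, count 100, seconds 60; classtype:attempted-recon; sid:1000002; rev:1;)
```

Two caveats a practitioner will run into. First, neither mechanism counts globally: both only accept track by_src or track by_dst, so 100 alerts spread across 100 different sources never reach the count. If all the flows you care about land on one server, track by_dst gives you an effectively global count for that destination. Second, detection_filter changes what the rule detects (no event, no log, no post-detection action until the rate is exceeded), whereas event_filter only thins the events that are emitted, so choose by whether you still want the suppressed matches recorded anywhere. Validate the edited configuration with `snort -T -c snort.conf` before restarting the sensor.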


