Snort mailing list archives
Re: alarm levels assigned to Snort rules
From: Brian Caswell <bmc () mitre org>
Date: Tue, 26 Jun 2001 16:05:46 -0400
tim.gray1 () firstunion com wrote:
Is there a utility or resource out there which somehow (maybe by creating custom ruletypes) generates alarm levels for different attacks? Let me explain more: Say I want password-crack attack signatures to be considered a level 5 alarm, and if this signature is detected, it will execute a paging program and log the alarm to a database. If the attack signature is just an ftp attempt, I consider it a level 2 and I want to only log the attempt to a file. If anyone can provide some help with this, that would be great.
Toby was right. This is already in the CVS version of snort. Check out snort.sourceforge.net for information about 'CURRENT'.
--
Brian Caswell
The MITRE Corporation