Snort mailing list archives

Re: alarm levels assigned to Snort rules


From: Brian Caswell <bmc () mitre org>
Date: Tue, 26 Jun 2001 16:05:46 -0400

tim.gray1 () firstunion com wrote:

> Is there a utility or resource out there which somehow (maybe by creating
> custom ruletypes) generates alarm levels for different attacks?
>
> Let me explain more: Say I want password-crack attack signatures to be
> considered a level 5 alarm, and if this signature is detected, it will
> execute a paging program and log the alarm to a database.
> If the attack signature is just an ftp attempt, I consider it a level 2 and
> I want to only log the attempt to a file.
>
> If anyone can provide some help with this, that would be great.

Toby was right.  This is already in the CVS version of snort.  Check
out snort.sourceforge.net for information about 'CURRENT'.

-- 
Brian Caswell
The MITRE Corporation
