Snort mailing list archives
RE: Confirmation For Alerts In ACID Needed
From: "Ibarra, Michael" <m.ibarra () cdcixis-na com>
Date: Wed, 20 Nov 2002 20:11:51 -0500
Yeah, I do this also, but it doesn't address the need to have notes, as you've mentioned, as well as the need to see who, if anyone else, is already working on the given alert.

Anybody?

-mike

-----Original Message-----
From: Joel Colvin [mailto:joelc () ctchouston com]
Sent: Wednesday, November 20, 2002 5:34 PM
To: 'Ibarra, Michael'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Confirmation For Alerts In ACID Needed

What I do is create an archive database and then use the ACID function to move items to the archive. So for me, anything that still needs looking at is in the main database but all history and charts, etc. comes from the archive database.

It would be nice to have notes in the database though...

Joel

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ibarra, Michael
Sent: Wednesday, November 20, 2002 4:00 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Confirmation For Alerts In ACID Needed

Greetings All:

I currently have a situation whereby I have a team looking at snort alerts via ACID. The problem is that we sometimes have more than one person working on an alert, worse following through with notifying the offending IP's ISP or IP owner. Does anyone know if the latest version of ACID has an option to make notes, add a confirm button or add an assigned to feature? If not, has anyone done something like this or have a need for it too? I realize that this is entirely ACID related but I am asking all of you for thoughts and ideas on this. Without re-writing ACID to add this feature, I am stumped :(

Thanks in advance,
-mike

-------------------------------------------------------
This sf.net email is sponsored by: Battle your brains against the best in the Thawte Crypto Challenge. Be the first to crack the code - register now: http://www.gothawte.com/rd521.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Confirmation For Alerts In ACID Needed Ibarra, Michael (Nov 20)
- RE: Confirmation For Alerts In ACID Needed Joel Colvin (Nov 20)
- <Possible follow-ups>
- RE: Confirmation For Alerts In ACID Needed Ibarra, Michael (Nov 20)
- Re: Confirmation For Alerts In ACID Needed Joseph Gresham (Nov 21)
- RE: Confirmation For Alerts In ACID Needed Fraser Hugh (Nov 21)