Snort mailing list archives
RE: SFS version 1.0 - Snort alerts analysis tool
From: "Orit Vidas" <orit () securimine com>
Date: Wed, 15 Sep 2004 12:51:04 -0700
Chris, Thank you for your interest in Securimine. How does SFS calculate the 'threat level' in its 'Top Threats Report'? SFS defines a behavioral model based on logs of events gathered by your system. SFS then assigns a threat level for each group of alerts, according to the deviation of this group from the normal behavior of your specific system. The threat level is calculated in percentage from 0% (no threat - this group of alerts represents behavior that happens in the system regularly) to 100% (highest threat- SFS could not find any similar behavior in the behavioral model. You can find answers to this and other questions at: www.securimine.com/faq.html If you have additional questions, please let me know. Thanks, - Orit -----Original Message----- From: Chris Green [mailto:cmg () uab edu] Sent: Wednesday, September 15, 2004 12:36 PM To: Orit Vidas Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] SFS version 1.0 - Snort alerts analysis tool Orit Vidas <orit () securimine com> writes:
SFS version 1.0 may be downloaded for free from the Securimine website at: www.securimine.com
How do you determine "Threat level"? Attack-Response Invalid URL is the highest threat level on the sample page. -- Chris Green <cmg () dok org> "I'm beginning to think that my router may be confused." ------------------------------------------------------- This SF.Net email is sponsored by: thawte's Crypto Challenge Vl Crack the code and win a Sony DCRHC40 MiniDV Digital Handycam Camcorder. More prizes in the weekly Lunch Hour Challenge. Sign up NOW http://ad.doubleclick.net/clk;10740251;10262165;m _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SFS version 1.0 - Snort alerts analysis tool Orit Vidas (Sep 15)
- Re: SFS version 1.0 - Snort alerts analysis tool Chris Green (Sep 15)
- RE: SFS version 1.0 - Snort alerts analysis tool Orit Vidas (Sep 15)
- Re: SFS version 1.0 - Snort alerts analysis tool Edin Dizdarevic (Sep 16)
- Re: SFS version 1.0 - Snort alerts analysis tool Chris Green (Sep 15)