Snort mailing list archives

RE: SFS version 1.0 - Snort alerts analysis tool


From: "Orit Vidas" <orit () securimine com>
Date: Wed, 15 Sep 2004 12:51:04 -0700

Chris, 

Thank you for your interest in Securimine.

How does SFS calculate the 'threat level' in its 'Top Threats Report'?

SFS defines a behavioral model based on logs of events gathered by your
system. SFS then assigns a threat level for each group of alerts,
according to the deviation of this group from the normal behavior of
your specific system. The threat level is calculated as a percentage from
0% (no threat - this group of alerts represents behavior that happens in
the system regularly) to 100% (highest threat - SFS could not find any
similar behavior in the behavioral model).

You can find answers to this and other questions at:
www.securimine.com/faq.html

If you have additional questions, please let me know.

Thanks,
- Orit


-----Original Message-----
From: Chris Green [mailto:cmg () uab edu] 
Sent: Wednesday, September 15, 2004 12:36 PM
To: Orit Vidas
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] SFS version 1.0 - Snort alerts analysis tool

Orit Vidas <orit () securimine com> writes:

> SFS version 1.0 may be downloaded for free from the Securimine
> website at: www.securimine.com

How do you determine "Threat level"?

Attack-Response Invalid URL is the highest threat level on the sample
page.  
-- 
Chris Green <cmg () dok org>
"I'm beginning to think that my router may be confused."
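
An added illustration, not part of the original thread and not Securimine's algorithm (the reply does not disclose it): a minimal deviation-from-baseline score with the same 0% to 100% endpoints, showing why a low-severity signature such as the one Chris mentions can rank first when it has never appeared in the baseline. The grouping key (signature, source), the per-day frequency measure and all alert data are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sample alerts: (day, signature, source IP). Not real Snort output.
BASELINE = [
    (1, "ICMP PING NMAP", "192.0.2.10"), (2, "ICMP PING NMAP", "192.0.2.10"),
    (3, "ICMP PING NMAP", "192.0.2.10"), (4, "ICMP PING NMAP", "192.0.2.10"),
    (1, "SCAN Proxy Port 8080 attempt", "192.0.2.20"),
    (3, "SCAN Proxy Port 8080 attempt", "192.0.2.20"),
]
CURRENT = [
    (5, "ICMP PING NMAP", "192.0.2.10"),
    (5, "SCAN Proxy Port 8080 attempt", "192.0.2.20"),
    (5, "ATTACK-RESPONSES Invalid URL", "192.0.2.30"),
]

def build_model(baseline):
    """Record, per alert group, the set of baseline days on which it fired."""
    days_seen = defaultdict(set)
    all_days = set()
    for day, sig, src in baseline:
        days_seen[(sig, src)].add(day)
        all_days.add(day)
    return days_seen, len(all_days)

def threat_level(group, model):
    """0% = group fired on every baseline day; 100% = never seen in baseline."""
    days_seen, total_days = model
    if total_days == 0:
        return 100.0  # no baseline at all: everything is unfamiliar
    fraction_regular = len(days_seen.get(group, ())) / total_days
    return round(100.0 * (1 - fraction_regular), 1)

def top_threats(current, model):
    """Rank the alert groups in the current window, most deviant first."""
    groups = {(sig, src) for _, sig, src in current}
    return sorted(((threat_level(g, model), g) for g in groups), reverse=True)

if __name__ == "__main__":
    for score, (sig, src) in top_threats(CURRENT, build_model(BASELINE)):
        print(f"{score:5.1f}%  {sig}  from {src}")
```

A score of this kind measures unfamiliarity, not impact, so it is best read alongside the rule's own priority or classification.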


