Snort mailing list archives
RE: Smb output
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 22 Jul 2004 22:14:55 -0500
On Thu, 2004-07-22 at 08:34, Joshua Berry wrote:
> If someone were to rewrite it I think it would be better to follow the flexresp method, where you can add an option to a rule to send a WinPopUp on alerts that are most important to you. That way analysts wouldn't be inundated with the WinPopUps.
Good idea. However, it's probably better to use a custom log type instead of using an option within the rule syntax. For example:

alert ip ...     -> Into database or what-not
alertSMB ip ...  -> Into database and SMB alert.

Regards,
Frank
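A sketch of how the custom log type suggested above could be declared with Snort 2.x `ruletype` syntax, as an added example that is not part of the original message. It assumes an SMB/WinPopup output plugin is available under the name `alert_smb`; the database parameters, workstation file name, rule headers and SIDs are constructed.

```conf
# Constructed snort.conf fragment (Snort 2.x syntax), not from the thread.
# Assumption: an SMB/WinPopup output plugin is available under the name
# alert_smb and takes a file listing NetBIOS workstation names.

# Ordinary "alert" rules use the global output: database only.
output database: alert, mysql, user=snort dbname=snort host=localhost

# Custom rule type: behaves like "alert" but carries its own outputs,
# so rules using it go to the database and also raise an SMB alert.
ruletype alertSMB
{
    type alert
    output database: alert, mysql, user=snort dbname=snort host=localhost
    output alert_smb: workstations.list
}

# Routine event: database only.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed: routine event"; sid:1000001; rev:1;)

# Event the analysts want a popup for: database and SMB alert.
alertSMB tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"constructed: high-priority event"; sid:1000002; rev:1;)
```

Only rules written with the `alertSMB` action reach the popup output, so which alerts interrupt an analyst is decided by the rule's action rather than by a new rule option.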