Snort mailing list archives
Snort as IPS and correlation
From: Daniel Lopez <danilogo1991 () gmail com>
Date: Fri, 10 Apr 2015 18:26:39 +0200
Hi,

I have the following question about Snort: I have Snort configured to perform some active response tasks, like closing TCP sessions and modifying iptables rules through snortsam. I would like to know if it's possible to make the system work following these steps:

1- Snort receives a packet that matches a rule [RULE A] (RULE A includes blocking the source address in iptables through snortsam)
2- The action for [RULE A] stays in "standby" until another rule [RULE B] is matched
3- Once [RULE B] is matched, [RULE A] performs the actions configured on it.

Is this possible? How can I do it? Is there any other way to do this?

Thanks
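Added example, not part of the original post and not Snort or snortsam code: one way to get the deferred action described in steps 1-3 is to correlate outside Snort, over its fast-format alert log, and release the block for a source only when RULE B follows RULE A. The SIDs, the same-source matching, the five-minute window, the assumed year and the sample log lines are all assumptions constructed for illustration; the returned addresses would be handed to whatever blocking mechanism is in use.

```python
import re
from datetime import datetime, timedelta

# Snort "fast" alert line: timestamp [**] [gid:sid:rev] msg ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[\d+:(?P<sid>\d+):\d+\].*?\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->"
)

SID_A = 1000001                  # hypothetical local SID standing in for RULE A
SID_B = 1000002                  # hypothetical local SID standing in for RULE B
WINDOW = timedelta(seconds=300)  # assumed: how long RULE A stays on standby
YEAR = "2015"                    # assumed: fast alerts carry no year by default

def correlate(lines, sid_a=SID_A, sid_b=SID_B, window=WINDOW):
    """Return source IPs whose held RULE A action is released by RULE B."""
    pending = {}    # src -> time of the most recent RULE A match (standby)
    released = []   # sources to block, in the order RULE B released them
    for line in lines:
        m = ALERT_RE.match(line)
        if not m:
            continue  # not an alert line in the expected format
        ts = datetime.strptime(YEAR + "/" + m["ts"], "%Y/%m/%d-%H:%M:%S.%f")
        sid, src = int(m["sid"]), m["src"]
        if sid == sid_a:
            pending[src] = ts  # step 1-2: match RULE A, hold its action
        elif sid == sid_b and src in pending:
            # step 3: RULE B seen; release only if RULE A is still fresh
            if ts - pending.pop(src) <= window:
                released.append(src)
    return released

# Constructed sample alerts (documentation address ranges, made-up messages)
SAMPLE = [
    "04/10-18:26:39.100000  [**] [1:1000001:1] LOCAL rule A [**] [Priority: 2] {TCP} 192.0.2.10:40000 -> 198.51.100.5:80",
    "04/10-18:26:50.000000  [**] [1:1000002:1] LOCAL rule B [**] [Priority: 2] {TCP} 203.0.113.7:40001 -> 198.51.100.5:80",
    "04/10-18:27:10.000000  [**] [1:1000002:1] LOCAL rule B [**] [Priority: 2] {TCP} 192.0.2.10:40002 -> 198.51.100.5:80",
    "04/10-18:30:00.000000  [**] [1:1000001:1] LOCAL rule A [**] [Priority: 2] {TCP} 192.0.2.20:40003 -> 198.51.100.5:80",
    "04/10-18:40:00.000000  [**] [1:1000002:1] LOCAL rule B [**] [Priority: 2] {TCP} 192.0.2.20:40004 -> 198.51.100.5:80",
]

if __name__ == "__main__":
    for ip in correlate(SAMPLE):
        print("release block for", ip)
```

In the sample, RULE B alone (203.0.113.7) and RULE B arriving after the window has expired (192.0.2.20) release nothing; only 192.0.2.10 is returned.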
Current thread:
- Snort as IPS and correlation Daniel Lopez (Apr 10)
- Re: Snort as IPS and correlation lists () packetmail net (Apr 10)
- Re: Snort as IPS and correlation James Lay (Apr 10)
- Re: Snort as IPS and correlation stephane.nasdrovisky (Apr 10)