OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Brian Caswell (bmcmitre.org)
Date: Tue Jun 26 2001 - 15:05:46 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    tim.gray1firstunion.com wrote:
    >
    > Is there a utility or resource out there which somehow, (maybe by creating
    > custom ruletypes), generates alarm levels for different attacks?
    >
    > Let me explain more: Say I want password-crack attack signatures to be
    > considered a level 5 alarm, and if this signature is detected, it will
    > execute a paging program and log the alarm to a database.
    > If the attack signature is just an ftp attempt, I consider it a level 2 and
    > I want to only log the attempt to a file.
    >
    > If anyone can provide some help with this, that would be a great.

    Toby was right. This is already in the CVS version of snort. Check
    out snort.sourceforge.net for information about 'CURRENT' 

    -- 
Brian Caswell
The MITRE Corporation

    _______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users