Snort mailing list archives
Re: New to snort
From: Guillaume <guillaume () anteria fr>
Date: Fri, 09 Nov 2001 17:48:50 +0100 (CET)
In reply to Philip Clark <pclark () pclarkbiz com>:
Hello All, I am a new user to snort and I have 2 quick questions...
1.) Is there a way to make your alerts point to which rule set invoked them?
What do you mean? There is a comment associated with all signatures usually, it should be enough to know what kind of event generated the alert. You could add some unique ID of your own, but do not forget: there are about +1,000 snort rules now! :-)
2.) Is there a way to make Snort actually stop suspected traffic as opposed to only alerting?
Using flexresp will allow you to trigger some actions. But I'm not sure it is always a good idea...

Guillaume.