Snort mailing list archives
Grouping Portscans
From: "Derrick Lichti" <dlichti () mitra com>
Date: Wed, 23 Oct 2002 16:47:57 -0400
Hi;

I've been looking for a method to clean up my alerts from Snort 1.9.0 running on FreeBSD 4.6.2 with ACID 0.9.6b22 as the interface and MySQL 3.23.51 as the DB. Does anybody know of a method to group all portscan alerts from the spp_portscan2 processor? In other words, instead of having 4000 portscan alerts, I'd like to group them as '1' portscan alert with 4000 recurring instances.

Thanks in advance,
Derrick
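One way to get the "one portscan alert with N recurring instances" view the post asks for, outside of ACID, is to post-process Snort's alert file and collapse the per-packet spp_portscan2 alerts into one record per scanning source. The script below is an added example written for this archive page, not code from the original post, from Snort or from ACID. It assumes Snort's "fast" alert line layout and a message beginning with "(spp_portscan2)"; the sample lines are constructed, and the exact message text spp_portscan2 writes may differ, so the regular expression is an assumption to adjust against a real alert file.

```python
import re
from collections import OrderedDict
from dataclasses import dataclass, field

# Constructed sample alerts in Snort "fast" style. The message text of real
# spp_portscan2 alerts may differ; the regex below is an assumption.
SAMPLE_ALERTS = """\
10/23-16:40:01.000001 [**] [117:1:1] (spp_portscan2) Portscan detected from 192.168.1.10 [**] {TCP} 192.168.1.10:3456 -> 10.0.0.5:21
10/23-16:40:01.000120 [**] [117:1:1] (spp_portscan2) Portscan detected from 192.168.1.10 [**] {TCP} 192.168.1.10:3457 -> 10.0.0.5:22
10/23-16:40:01.000250 [**] [117:1:1] (spp_portscan2) Portscan detected from 192.168.1.10 [**] {TCP} 192.168.1.10:3458 -> 10.0.0.5:23
10/23-16:41:30.500000 [**] [117:1:1] (spp_portscan2) Portscan detected from 172.16.4.9 [**] {TCP} 172.16.4.9:40001 -> 10.0.0.7:80
10/23-16:41:31.000000 [**] [117:1:1] (spp_portscan2) Portscan detected from 172.16.4.9 [**] {TCP} 172.16.4.9:40002 -> 10.0.0.7:443
10/23-16:42:00.000000 [**] [1:2003:3] WEB-MISC example signature [**] {TCP} 203.0.113.8:5555 -> 10.0.0.5:80
"""

# Assumed "fast" alert layout: timestamp, [gid:sid:rev], message, {proto}, src:port -> dst:port
ALERT_RE = re.compile(
    r"^(?P<ts>\S+) \[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] "
    r"(?P<msg>.*?) \[\*\*\] \{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


@dataclass
class ScanGroup:
    """One scanning source with everything its individual alerts told us."""
    source: str
    first_seen: str
    last_seen: str
    count: int = 0
    targets: set = field(default_factory=set)
    ports: set = field(default_factory=set)


def group_portscans(alert_text, preprocessor="spp_portscan2"):
    """Collapse per-packet portscan alerts into one ScanGroup per source IP.

    Returns an ordered mapping of source IP -> ScanGroup, in order of first
    appearance. Alerts from other generators are skipped so the caller can
    still list them individually; unparseable lines are skipped as well.
    """
    groups = OrderedDict()
    tag = "(%s)" % preprocessor
    for line in alert_text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m or not m.group("msg").startswith(tag):
            continue
        src = m.group("src")
        g = groups.get(src)
        if g is None:
            g = ScanGroup(source=src, first_seen=m.group("ts"), last_seen=m.group("ts"))
            groups[src] = g
        g.count += 1
        g.last_seen = m.group("ts")          # lines are assumed to be in time order
        g.targets.add(m.group("dst"))
        g.ports.add(int(m.group("dport")))
    return groups


def summarize(groups):
    """One line per scanning source: the '1 alert, N instances' view."""
    return [
        "%s: %d instances, %d targets, %d ports, %s .. %s"
        % (g.source, g.count, len(g.targets), len(g.ports), g.first_seen, g.last_seen)
        for g in groups.values()
    ]


if __name__ == "__main__":
    for line in summarize(group_portscans(SAMPLE_ALERTS)):
        print(line)
```

The grouping key is the source address only, so a host that scans several targets still shows up once; the target and port sets are kept so the summary still says how wide the scan was, which is the detail you lose if you simply count alerts.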
Current thread:
- Grouping Portscans Derrick Lichti (Oct 23)
- <Possible follow-ups>
- Grouping Portscans Derrick Lichti (Oct 28)