Snort mailing list archives
Making snort smarter...
From: "Tobias Rice" <rice () up edu>
Date: Mon, 28 Apr 2003 14:47:36 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I was just thinking about what would make snort better/smarter and was curious how hard it would be to associate certain services/servers with sigs just for those services/servers. Not unlike defining $vars in the snort.conf, but much more robust. Maybe even a target flag in the rules themselves? For example, I'm just sick of seeing IIS alerts for my Apache servers, but having IIS boxes too, so I can't turn it off. I know that you can use BPF's and other filters to accomplish this, but in a large company it can really be time consuming to hone all of the rules, filters, yada yada. It would just be more efficient to define all of your services/servers once and it just ignore all irrelevant alerts if so desired, even when rules are added or updated. Any thoughts? -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPq2heMNinOuDXR1bEQL54wCeO6v+sgO0TTnFTD12zfP+X0nq+RUAoKyp WXbDXT3GysFkgBRM0Ywl7R+t =Ehqi -----END PGP SIGNATURE----- ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Making snort smarter... Tobias Rice (Apr 28)
- Re: Making snort smarter... Paul Schmehl (Apr 28)
- Re: Making snort smarter... Jason Haar (Apr 29)
- Re: Making snort smarter... Paul Schmehl (Apr 29)
- Re: Making snort smarter... Jason Haar (Apr 29)
- Re: Making snort smarter... Jason Haar (Apr 29)
- Re: Making snort smarter... Jason Haar (Apr 29)
- Re: Making snort smarter... Paul Schmehl (Apr 28)
- <Possible follow-ups>
- RE: Making snort smarter... bmcdowell (Apr 29)
- RE: Making snort smarter... Paul Schmehl (Apr 29)
- Re: Making snort smarter... Jason (Apr 29)
- RE: Making snort smarter... Paul Schmehl (Apr 29)
- RE: Making snort smarter... bmcdowell (Apr 29)
- RE: Making snort smarter... Paul Schmehl (Apr 29)