[Snort-devel] Classification & priority for spp plugins

François Désarménien francois at ...451...
Fri Jun 1 11:13:44 EDT 2001


I already posted a similar question on the user list before but
I had no reply, and as it sounds more like a dev question,
I subscribed to the list (after looking through the archives...).

I'm currently using the features offered by the beta version,
the classification & priority, to ring bells for more-than-busy
net admins.

It certainly meets the goals I need for rule-based alerts, but
I wonder if something has been planned (or has been included) to
classify alerts generated by pre-processor plugins, especially
the defrag & portscan plugins.

I've been wandering through the code and found nothing about it.
Worse, it seems the priority plugin gives some portscans a "random"
priority (from an old packet), which doesn't sound correct to me.

So, questions: am I missing something? If not, have you already
thought of what could be done? Could I help with it being solved?

Thank you for your time to all of you -- and of course for Snort --,


François Désarménien
