[Snort-devel] Classification & priority for spp plugins
francois at ...451...
Fri Jun 1 11:13:44 EDT 2001
I already posted a similar question on the user list before but
I had no reply, and as it sounds more like a dev question,
I subscribed to the list (after looking through the archives...).
I'm currently using the features offered by the beta version,
the classification & priority, to ring bells for more-than-busy
It certainly meets the goals I need for rule-based alerts, but
I wonder if something has been planned (or has been included) to
classify alerts generated by pre-processor plugins, especially
the defrag & portscan plugins.
I've been wandering through the code and found nothing about it.
Worse, it seems the priority plugin gives some portscans a "random"
priority (from an old packet), which doesn't sound correct to me.
So, questions: am I missing something? If not, have you already
thought of what could be done? Could I help with it being solved?
Thank you for your time to all of you -- and of course for Snort --,