[Snort-sigs] Snort Response

Chris Green cmg at ...26...
Tue Dec 11 16:56:02 EST 2001


"Wiedenfeld, Scot R. (Sytex Contractor)" writes:

> Does Snort have the capability to respond to an intrusion or anomaly
> by executing another program, e.g. finger, dig, traceroute, tcpdump, etc.?
>

These are activities best left in the log analysis phase after the
alert is on disk.  Look at writing swatch rules to do this type of
active event stuff.
-- 
Chris Green <cmg at ...26...>
Let not the sands of time get in your lunch.
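
One way to do the post-alert lookups in the log analysis phase, as an added example that is not part of the original message and is not swatch or Snort code. It assumes the alerts are written in Snort's one-line "fast" format; the function names, tool choices and sample lines are constructed for illustration. Source addresses come from untrusted traffic, so they are validated and passed as argv elements with no shell, and each source is looked up only once.

```python
import ipaddress
import re
import subprocess

# Assumed layout of a Snort "fast" alert line (see constructed samples below).
ALERT_RE = re.compile(
    r"\[\*\*\]\s*(?:\[[\d:]+\]\s*)?(?P<msg>.*?)\s*\[\*\*\].*"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s"
)

SAMPLE_ALERTS = [  # constructed log lines using documentation address ranges
    "12/11-16:56:02.000001  [**] [1:1000001:1] Constructed test alert [**] "
    "[Priority: 2] {TCP} 192.0.2.10:4321 -> 198.51.100.5:80",
    "12/11-16:56:03.000002  [**] [1:1000001:1] Constructed test alert [**] "
    "[Priority: 2] {TCP} 192.0.2.10:4322 -> 198.51.100.5:80",
    "12/11-16:56:04.000003  [**] [1:1000002:1] Another test alert [**] "
    "[Priority: 3] {ICMP} 203.0.113.7 -> 198.51.100.5",
    "12/11-16:56:05.000004  [**] [1:1000003:1] Bad source [**] "
    "[Priority: 3] {UDP} 999.1.1.1:53 -> 198.51.100.5:53",
]

def parse_alert(line):
    """Return (msg, proto, src_ip), or None if the line is not a usable alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m.group("src"))  # rejects e.g. 999.1.1.1
    except ValueError:
        return None
    return m.group("msg"), m.group("proto"), str(src)

def plan_lookups(lines, tools=(("dig", "+short", "-x"), ("traceroute", "-n"))):
    """Build one argv per tool per distinct source, so an alert flood
    from one host does not turn into a flood of lookups."""
    seen, plan = set(), []
    for line in lines:
        parsed = parse_alert(line)
        if parsed is None or parsed[2] in seen:
            continue
        seen.add(parsed[2])
        plan.extend([*tool, parsed[2]] for tool in tools)
    return plan

def run_plan(plan, timeout=30):
    """Run each lookup as an argv list (no shell); return stdout per command."""
    return [subprocess.run(argv, capture_output=True, text=True,
                           timeout=timeout).stdout for argv in plan]
```
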



