[Snort-sigs] Snort Response

Chris Green cmg at ...26...
Tue Dec 11 16:56:02 EST 2001

"Wiedenfeld, Scot R. (Sytex Contractor)" writes:

> Does Snort have the capability to respond to an intrusion or anomaly
> by executing another program, e.g. finger, dig, traceroute, tcpdump etc.?

These are activities best left in the log analysis phase after the
alert is on disk.  Look at writing swatch rules to do this type of
active event stuff.
Chris Green <cmg at ...26...>
Let not the sands of time get in your lunch.
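
The post-alert follow-up described in the reply above, sketched as an added example (not part of the original post, and not Snort or swatch code): it reads alert lines already on disk, validates the source address, and builds one set of lookup commands per new source as argument lists, so nothing from the log reaches a shell. The fast-alert line layout, the function names, the command choices and the sample lines are assumptions made for the illustration.

```python
import ipaddress
import re

# Assumed layout of a Snort "fast" alert line:
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<sid>\d+:\d+:\d+)\] (?P<msg>.+?) \[\*\*\].*"
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?\s*$"
)

# Follow-up commands as argv templates; "{ip}" is replaced by the validated source.
FOLLOW_UPS = (["dig", "+short", "-x", "{ip}"], ["traceroute", "-n", "{ip}"])


def parse_alert(line):
    """Return (sid, msg, source address), or None if the line is not a usable alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.IPv4Address(m.group("src"))  # rejects 999.1.1.1 and the like
    except ipaddress.AddressValueError:
        return None
    return m.group("sid"), m.group("msg"), src


def plan_lookups(lines, seen=None):
    """Build the commands to run: one set per source address not handled before."""
    seen = set() if seen is None else seen
    plan = []
    for line in lines:
        parsed = parse_alert(line)
        if parsed is None or parsed[2] in seen:
            continue  # unparseable line, or this source was already looked up
        seen.add(parsed[2])
        plan.extend([a.replace("{ip}", str(parsed[2])) for a in t] for t in FOLLOW_UPS)
    return plan


# Constructed sample alert lines (not from a real sensor; SIDs and messages are made up).
SAMPLE = [
    "12/11-16:56:02.104512  [**] [1:1000001:1] EXAMPLE ping sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.10 -> 198.51.100.5",
    "12/11-16:56:03.220145  [**] [1:1000002:1] EXAMPLE web probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:3371 -> 198.51.100.5:80",
    "12/11-16:56:04.000001  [**] [1:1000001:1] EXAMPLE ping sweep [**] [Priority: 2] {ICMP} 999.1.1.1 -> 198.51.100.5",
]

if __name__ == "__main__":
    for argv in plan_lookups(SAMPLE):
        print(" ".join(argv))  # hand argv to subprocess.run(argv, timeout=30) to execute
```

Keeping the `seen` set across runs means a burst of alerts from one source triggers the lookups only once.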
