[Snort-sigs] Re: "bad guy" tagging
cmg at ...435...
Wed Jul 16 05:52:23 EDT 2003
[ moving this debate to sigs only ]
Martin Olsson <elof at ...1288...> writes:
> Today there are several reporting tools for snort, but none of them can
> create a correct report-summary where the worst offenders and targets are
I think the real request rather than a grammar update ( which breaks
every tool ever ) is asking for the message field to clearly indicate
with one standard word
At a previous incarnation of myself, I had "OUTGOING" at the begining
of all the rules that indicated a machine on my network attacking
RESPONSE at the top of a rule could indicate a server response....
Chris Green <cmg at ...435...>
Warning: time of day goes back, taking countermeasures.
More information about the Snort-sigs