[Snort-sigs] Re: "bad guy" tagging

Martin Olsson elof at ...1288...
Thu Jul 17 03:16:21 EDT 2003


On Wed, 16 Jul 2003, Chris Green wrote:
> Martin Olsson <elof at ...1288...> writes:
> > Today there are several reporting tools for snort, but none of them can
> > create a correct report-summary where the worst offenders and targets are
> > displayed.
> I think the real request rather than a grammar update ( which breaks
> every tool ever ) is asking for the message field to clearly indicate
> with one standard word
> At a previous incarnation of myself, I had "OUTGOING" at the begining
> of all the rules that indicated a machine on my network attacking
> someone else.
> RESPONSE at the top of a rule could indicate a server response....

Ok, it might not be the most beautiful solution, but putting this standard
word first in the msg-tag works.

When can we expect an official anouncement?

/Martin Olsson





More information about the Snort-sigs mailing list