[Snort-sigs] snort config

Ryan Moon ryan.c.moon at ...2420...
Wed Dec 5 15:08:11 EST 2012


Afternoon,

You can do exactly that, Ms. Brennan. Looks like you will want to use
"threshold: type limit, track by_src, count 1, seconds 60; " for once a
minute.

http://manual.snort.org/node541.html

Thanks,

-RM


On Wed, Dec 5, 2012 at 1:36 PM, Aisling Brennan
<aislingbrennan21 at ...2420...>wrote:

> Is there an option for setting threshold on a Snort signature so it slows
> the reporting down so it occurs only once per nnn secs per Src IP ie –****
>
> ** **
>
> event_filter sig_id sssssss, gen_id g, type limit, track by_src, count 1,
> seconds nnn****
>
> ** **
>
>
>
>
> ------------------------------------------------------------------------------
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20121205/ab901c8b/attachment.html>


More information about the Snort-sigs mailing list