[Snort-sigs] help with time in rules

JJC cummingsj at ...2420...
Tue Nov 6 10:56:11 EST 2012


or detection rate

On Tue, Nov 6, 2012 at 4:24 AM, evejou <girl at ...3471...> wrote:

> Yup. You're looking for the threshold keyword here:
> http://manual.snort.org/node35.html
>
>
>
>
> On Nov 6, 2012, at 4:01 AM, Jose A. <bromistamix at ...12...> wrote:
>
> Hello!
>
> I have a question when i want to develop a rule in snort.
>
> It is possible to specify the time and the number of events in the rule?
>
> For example, create an alarm when the same event occurs within two minutes
> 10 times.
>
> Thanks!
>
>
> ------------------------------------------------------------------------------
> LogMeIn Central: Instant, anywhere, Remote PC access and management.
> Stay in control, update software, and manage PCs from one command center
> Diagnose problems and improve visibility into emerging IT issues
> Automate, monitor and manage. Do more in less time with Central
>
> http://p.sf.net/sfu/logmein12331_d2d_______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
>
>
>
> ------------------------------------------------------------------------------
> LogMeIn Central: Instant, anywhere, Remote PC access and management.
> Stay in control, update software, and manage PCs from one command center
> Diagnose problems and improve visibility into emerging IT issues
> Automate, monitor and manage. Do more in less time with Central
> http://p.sf.net/sfu/logmein12331_d2d
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20121106/83cb8680/attachment.html>


More information about the Snort-sigs mailing list