[Snort-sigs] Snort as IPS and correlation
danilogo1991 at ...2420...
Fri Apr 10 12:26:39 EDT 2015
I have the following question about Snort:
I have Snort configured to perform some active response tasks,
like closing TCP sessions and modifying iptables rules through snortsam.
I would like to know if it's possible to make the system work following this
1- Snort receives a packet that matches a rule [RULE A] (RULE A
includes blocking the source address in iptables through snortsam)
2- Action for [RULE A] stands in "standby" until another rule [RULE B] is
3- Once [RULE B] is matched, then [RULE A] performs actions configured on
Is this possible?
How can I do it?
Is there any other way to perform this?