[Snort-sigs] Alert aggregation

Gurgen Hakobyan hakobyan at ...3751...
Mon Apr 18 16:02:03 EDT 2016


Hello,

Does Snort have a mechanism to aggregate alerts globally? Like, let’s say, I want Snort to only alert me if there are a total of 100 alerts generated by one rule (one or many flows, I don’t care)? 

Thanks,
Gurgen

