[Snort-sigs] Alert aggregation

Joel Esler (jesler) jesler at ...3865...
Mon Apr 18 16:08:58 EDT 2016

Snort, no, not built in.  The FirePOWER commercial product offered by Cisco does this automatically for you by default.

Joel Esler
Manager, Talos Group

On Apr 18, 2016, at 4:02 PM, Gurgen Hakobyan <hakobyan at ...3751...> wrote:


Does Snort have a mechanism to aggregate alerts globally? Like, let’s say, I want Snort to only alert me if there are a total of 100 alerts generated by one rule (one or many flows, I don’t care)?

Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net

Please visit http://blog.snort.org for the latest news about Snort!
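Since Snort itself has no built-in global per-rule aggregation, the practical route is to aggregate on its alert output. The following is an added example, not code from this thread or from the Snort project: a small Python script that reads alert_fast-format lines and emits one summary each time a rule's total hit count across all flows reaches a threshold. The rule SIDs, addresses and sample lines are constructed; the 100-alert threshold from the question is the default.

```python
import re
from collections import defaultdict

# Snort alert_fast line: "<ts>  [**] [gid:sid:rev] msg [**] [...] {proto} src -> dst"
ALERT_RE = re.compile(
    r'^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+'
    r'(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)'
)

def parse_alert(line):
    """Return the fields of one alert_fast line, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None

def aggregate(lines, threshold=100):
    """Count alerts per rule (gid:sid) regardless of flow; emit one summary
    every time a rule's running total reaches a multiple of `threshold`."""
    counts = defaultdict(int)
    flows = defaultdict(set)
    summaries = []
    for line in lines:
        a = parse_alert(line)
        if a is None:          # skip blank or non-alert lines
            continue
        key = f"{a['gid']}:{a['sid']}"
        counts[key] += 1
        flows[key].add((a['src'], a['dst']))
        if counts[key] % threshold == 0:
            summaries.append({
                'rule': key, 'msg': a['msg'], 'count': counts[key],
                'distinct_flows': len(flows[key]), 'last_seen': a['ts'],
            })
    return summaries

# Constructed sample: five hits of sid 1000001 over three flows, one hit of sid 1000002.
SAMPLE = """\
04/18-16:02:00.000001  [**] [1:1000001:1] EXAMPLE rule A [**] [Priority: 2] {TCP} 10.0.0.1:40001 -> 10.0.0.2:80
04/18-16:02:00.000002  [**] [1:1000001:1] EXAMPLE rule A [**] [Priority: 2] {TCP} 10.0.0.1:40002 -> 10.0.0.2:80
04/18-16:02:00.000003  [**] [1:1000002:1] EXAMPLE rule B [**] [Priority: 3] {UDP} 10.0.0.3:53 -> 10.0.0.2:5353
04/18-16:02:00.000004  [**] [1:1000001:1] EXAMPLE rule A [**] [Priority: 2] {TCP} 10.0.0.5:40003 -> 10.0.0.2:80
04/18-16:02:00.000005  [**] [1:1000001:1] EXAMPLE rule A [**] [Priority: 2] {TCP} 10.0.0.1:40001 -> 10.0.0.2:80
04/18-16:02:00.000006  [**] [1:1000001:1] EXAMPLE rule A [**] [Priority: 2] {TCP} 10.0.0.5:40003 -> 10.0.0.2:80
"""

if __name__ == "__main__":
    # Low threshold so the constructed sample actually produces summaries.
    for s in aggregate(SAMPLE.splitlines(), threshold=2):
        print(s)
```

In production the input would be the live alert file (or a syslog/unified2 feed converted to text), and the summary would be forwarded to whatever pager or SIEM is in use rather than printed.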
