[Snort-sigs] Alert aggregation

Russ rucombs at ...3865...
Mon Apr 18 18:17:58 EDT 2016


For a single Snort instance?  Have a look at detection_filter or 
event_filter.

On 4/18/16 4:08 PM, Joel Esler (jesler) wrote:
> Snort, no, not built in.  The FirePOWER commercial product offered by 
> Cisco does this automatically for you by default.
>
>
> --
> *Joel Esler*
> Manager, Talos Group
>
>
>
>
>> On Apr 18, 2016, at 4:02 PM, Gurgen Hakobyan <hakobyan at ...3751...> wrote:
>>
>> Hello,
>>
>> Does Snort have a mechanism to aggregate alerts globally? Like, let’s 
>> say, I want Snort to only alert me if there are a total of 100 alerts 
>> generated by one rule (one or many flows, I don’t care)?
>>
>> Thanks,
>> Gurgen
>> _______________________________________________
>> Snort-sigs mailing list
>> Snort-sigs at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>> http://www.snort.org
>>
>>
>> Please visit http://blog.snort.org for the latest news about Snort!
>
>
>
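
Added example, not part of the original thread and not Snort's own code: for the global case asked about above, this counts alerts per rule across all flows from alert_fast-style log lines, outside Snort, and reports each time a rule reaches the threshold within a time window. The function names, the constructed sample lines, and the `year` used to parse timestamps are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# alert_fast line: "MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] ..."
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
)

def aggregate(lines, threshold=100, window_seconds=60, year=2016):
    """Yield (gid, sid, msg, first_ts, last_ts) each time one rule reaches
    `threshold` alerts inside `window_seconds`, counted across all flows.
    Lines are assumed to be in chronological order, as Snort writes them."""
    window = timedelta(seconds=window_seconds)
    seen = defaultdict(deque)          # (gid, sid) -> timestamps in window
    for line in lines:
        m = ALERT_RE.match(line)
        if not m:
            continue                   # skip blank or non-alert lines
        # alert_fast omits the year by default; `year` is an assumption
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
        key = (int(m["gid"]), int(m["sid"]))
        q = seen[key]
        q.append(ts)
        while ts - q[0] > window:      # drop alerts older than the window
            q.popleft()
        if len(q) >= threshold:
            yield (*key, m["msg"], q[0], ts)
            q.clear()                  # start counting the next batch

def sample_lines():
    """Constructed alert_fast lines (not real traffic): sid 1000001 fires five
    times from five different sources, sid 1000002 fires twice."""
    fmt = ("04/18-16:02:{s:02d}.000000  [**] [1:{sid}:1] {msg} [**] "
           "[Priority: 2] {{TCP}} 10.0.0.{h}:40000 -> 192.0.2.10:80")
    lines = [fmt.format(s=10 + i, sid=1000001, msg="Constructed test rule", h=i + 1)
             for i in range(5)]
    lines += [fmt.format(s=11 + i, sid=1000002, msg="Other constructed rule", h=9)
              for i in range(2)]
    return sorted(lines)               # timestamp prefix sorts chronologically

if __name__ == "__main__":
    # Threshold lowered to 5 so the small constructed sample triggers once.
    for hit in aggregate(sample_lines(), threshold=5):
        print(hit)
```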
