[Snort-users] One for the Wishlist

Dan Hollis goemon at ...20...
Fri Aug 25 14:04:29 EDT 2000


On Fri, 25 Aug 2000, Steve Halligan wrote:
> I know this has been mentioned before, but I would like to see the ability
> to assign a severity level to a rule.  For example a PING-ICMP_TIME_EXCEEDED
> may be a severity=1 while an FTP-badlogin may be a 3 and a DDoS-shaft handler
> to agent may be a 5.

Not only would a severity level be useful, but also a confidence level.

There are many rules which are known to false trigger often, so it would
be useful to assign those a low confidence level. Rules which almost never
falsely trip should be given a high confidence level.

-Dan



