[Snort-users] One for the Wishlist
goemon at ...20...
Fri Aug 25 14:04:29 EDT 2000
On Fri, 25 Aug 2000, Steve Halligan wrote:
> I know this has been mentioned before, but I would like to see the ability
> to assign a severity level to a rule. For example a PING-ICMP_TIME_EXCEEDED
> may be a severity=1 while an FTP-badlogin may be a 3 and a DDoS-shaft handler
> to agent may be a 5.
Not only would a severity level be useful, but also a confidence level.
There are many rules which are known to false trigger often, so it would
be useful to assign those a low confidence level. Rules which almost never
falsely trip should be given a high confidence level.