[Snort-users] alarm levels assigned to Snort rules
tim.gray1 at ...2387...
tim.gray1 at ...2387...
Tue Jun 26 15:06:44 EDT 2001
Is there a utility or resource out there which somehow, (maybe by creating
custom ruletypes), generates alarm levels for different attacks?
Let me explain more: Say I want password-crack attack signatures to be
considered a level 5 alarm, and if this signature is detected, it will
execute a paging program and log the alarm to a database.
If the attack signature is just an ftp attempt, I consider it a level 2 and
I want to only log the attempt to a file.
If anyone can provide some help with this, that would be a great.
Tim
More information about the Snort-users
mailing list