[Snort-users] alarm levels assigned to Snort rules

tim.gray1 at ...2387... tim.gray1 at ...2387...
Tue Jun 26 15:06:44 EDT 2001


Is there a utility or resource out there which somehow, (maybe by creating
custom ruletypes), generates alarm levels for different attacks?

Let me explain more: Say I want password-crack attack signatures to be
considered a level 5 alarm, and if this signature is detected, it will
execute a paging program and log the alarm to a database.
If the attack signature is just an ftp attempt, I consider it a level 2 and
I want to only log the attempt to a file.

 If anyone can provide some help with this, that would be a great.

Tim





More information about the Snort-users mailing list