[Snort-users] alarm levels assigned to Snort rules

Brian Caswell bmc at ...312...
Tue Jun 26 16:05:46 EDT 2001


tim.gray1 at ...2387... wrote:
> 
> Is there a utility or resource out there which somehow, (maybe by creating
> custom ruletypes), generates alarm levels for different attacks?
> 
> Let me explain more: Say I want password-crack attack signatures to be
> considered a level 5 alarm, and if this signature is detected, it will
> execute a paging program and log the alarm to a database.
> If the attack signature is just an ftp attempt, I consider it a level 2 and
> I want to only log the attempt to a file.
> 
>  If anyone can provide some help with this, that would be a great.

Toby was right.  This is already in the CVS version of snort.  Check
out snort.sourceforge.net for information about 'CURRENT'

-- 
Brian Caswell
The MITRE Corporation




More information about the Snort-users mailing list