[Snort-users] alarm levels assigned to Snort rules
bmc at ...312...
Tue Jun 26 16:05:46 EDT 2001
tim.gray1 at ...2387... wrote:
> Is there a utility or resource out there which somehow, (maybe by creating
> custom ruletypes), generates alarm levels for different attacks?
> Let me explain more: Say I want password-crack attack signatures to be
> considered a level 5 alarm, and if this signature is detected, it will
> execute a paging program and log the alarm to a database.
> If the attack signature is just an ftp attempt, I consider it a level 2 and
> I want to only log the attempt to a file.
> If anyone can provide some help with this, that would be great.
Toby was right. This is already in the CVS version of snort. Check
out snort.sourceforge.net for information about 'CURRENT'.
The MITRE Corporation