[Snort-users] alarm levels assigned to Snort rules
cmg at ...671...
Tue Jun 26 16:23:39 EDT 2001
tim.gray1 at ...2387... writes:
> Is there a utility or resource out there which somehow, (maybe by creating
> custom ruletypes), generates alarm levels for different attacks?
> Let me explain more: Say I want password-crack attack signatures to be
> considered a level 5 alarm, and if this signature is detected, it will
> execute a paging program and log the alarm to a database.
> If the attack signature is just an ftp attempt, I consider it a level 2 and
> I want to only log the attempt to a file.
These are what definable ruletypes are for. The priorities (a
solution in another reply) in the output are designed for
postprocessing tools rather than the internals of Snort.
Ruletypes allow you to create your own rules rather than 'alert':
Chris Green <cmg at ...671...>
I've had a perfectly wonderful evening. But this wasn't it.
-- Groucho Marx