[Snort-users] Alert priorities
Juergen Schmidt
ju at ...863...
Wed Mar 14 08:33:01 EST 2001
Hello,
I'm seeing quite a lot of alerts on my box, as people keep poking around
the server, looking for holes. I do not want to shut those messages
down, as I want to get a feeling for what people are trying.
On the other hand, this flood keeps me from seeing *serious* alerts, for
example from handcrafted rules, that indicate with high probability an
intrusion.
So what I really want are alert-priorities. Are there any plans for
this?
My workaround right now is to code this into the Message (something like
msg:"CRITICAL: directory listing") and search in Acid for "CRITICAL".
But I want to see those alarms at first glance -- not after doing a
time-consuming search.
bye, ju
--
Juergen Schmidt Leitender Redakteur/senior editor c't magazin
Verlag Heinz Heise GmbH & Co KG, Helstorferstr. 7, D-30625 Hannover
EMail: ju at ...863... - Tel.: +49 511 5352 300 - FAX: +49 511 5352 417
PGP-Key available
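
Added example, not part of the original post: one way to get the msg-prefix workaround to put tagged alerts first without a manual search. It assumes alert lines of the form "timestamp [**] msg [**] flow"; the sample lines, the non-CRITICAL message texts and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines; the "timestamp [**] msg [**] flow" layout is an
# assumption, adjust ALERT_RE to whatever your sensor actually writes.
SAMPLE = """\
03/14-08:31:12.104233 [**] WEB cgi probe [**] 192.0.2.7:4211 -> 198.51.100.5:80
03/14-08:31:40.551020 [**] CRITICAL: directory listing [**] 192.0.2.9:1033 -> 198.51.100.5:80
03/14-08:32:02.000871 [**] WEB cgi probe [**] 192.0.2.7:4212 -> 198.51.100.5:80
03/14-08:32:15.310442 [**] SCAN port sweep [**] 203.0.113.4:2001 -> 198.51.100.5:23
03/14-08:32:59.777001 [**] WEB cgi probe [**] 192.0.2.8:4300 -> 198.51.100.5:80
03/14-08:33:01.120933 [**] CRITICAL: directory listing [**] 192.0.2.9:1040 -> 198.51.100.5:80
"""

ALERT_RE = re.compile(r"^(?P<ts>\S+)\s+\[\*\*\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+(?P<flow>.*)$")
TAG_RE = re.compile(r"^([A-Z]+):")
# Lower rank is shown first. Only the "CRITICAL" tag comes from the post;
# extend this table if you introduce further prefixes in your own rules.
RANK = {"CRITICAL": 0}
UNTAGGED = 9

def parse(line):
    """Split one alert line into fields and derive a rank from the msg prefix."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None  # skip blank or unrecognised lines instead of failing
    tag = TAG_RE.match(m["msg"])
    rank = RANK.get(tag.group(1), UNTAGGED) if tag else UNTAGGED
    return {"ts": m["ts"], "msg": m["msg"], "flow": m["flow"], "rank": rank}

def triage(text):
    """Return (tagged alerts in rank/time order, Counter of untagged msgs)."""
    alerts = [a for a in map(parse, text.splitlines()) if a]
    urgent = sorted((a for a in alerts if a["rank"] < UNTAGGED),
                    key=lambda a: (a["rank"], a["ts"]))
    noise = Counter(a["msg"] for a in alerts if a["rank"] == UNTAGGED)
    return urgent, noise

def report(text):
    """Tagged alerts in full at the top, the background noise as counts below."""
    urgent, noise = triage(text)
    lines = [f"!! {a['ts']} {a['msg']} {a['flow']}" for a in urgent]
    lines += [f"   {n:4d} x {msg}" for msg, n in noise.most_common()]
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE))
```

The probes stay visible as per-message counts, so the overview of what people are trying is kept while the tagged alerts are listed individually at the top.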