[Snort-users] Alert priorities

Juergen Schmidt ju at ...863...
Wed Mar 14 08:33:01 EST 2001


Hello,

I'm seeing quite a lot of alerts on my box, as people keep poking around
the server, looking for holes. I do not want to shut those messages
down, as I want to get a feeling for what people are trying.
On the other hand, this flood keeps me from seeing *serious* alerts, for
example from handcrafted rules, that indicate with high probability an
intrusion.

So what I really want are alert-priorities. Are there any plans for
this?

My workaround right now is to code this into the message (something like
msg:"CRITICAL: directory listing") and search in Acid for "CRITICAL".
But I want to see those alarms at first glance -- not after doing a
time-consuming search.

bye, ju



-- 
Juergen Schmidt   Leitender Redakteur/senior editor  c't magazin
Verlag Heinz Heise GmbH & Co KG, Helstorferstr. 7, D-30625 Hannover
EMail: ju at ...863... - Tel.: +49 511 5352 300 - FAX: +49 511 5352 417
PGP-Key available



