[Snort-users] SnortSnarf v020124.1 released!
hoagland at ...47...
Thu Jan 24 13:25:02 EST 2002
Greetings Snort users,
Silicon Defense is pleased to announce the availability of SnortSnarf
version 020124.1, the latest version (approximately #22) of its free
Snort alert browser. Here are the changes:
+ added top N most active sources and destinations pages which
including IP involvement breakdown summaries (N adjustable with
-top=N; default 20) (multiply requested feature)
+ signature priority # and classification text displayed in pages
+ signature list now sorted primarily by priority # unless
-sortsigcount1st is given (-rs still reverses listing order) (use
-hiprioisworse if a higher priority number means a higher priority to
+ new -minprio=P option causes alerts with priority lower than P to
be ignored; this could be used to filter out informational messages
for a run
+ new -sipin=cidr option restricts alerts presented to those that
have a source IP in the given CIDR specified net
+ new -dipin=cidr option restricts alerts presented to those that
have a dest IP in the given CIDR specified net
+ added a small top-level navigation table to the top of each page
for quicker browsing
+ updated RIPE link (thanks to Laurent Monin and Olaf Gellert)
+ added lookup links into dshield.org and Sam Spade for an IP
+ made anomaly scores in Spade alerts bold for quicker scanning
+ changed order of listing among reference links
+ input files can now be interspersed with options on the command
line (previously they needed to be after all the options)
+ cleaned up some HTML
+ updated the documentation
Quite a few significant new features this time. We now have summary
pages of the most active IP addresses, sort by priority on the start
page, and provide 3 ways to restrict which alerts in your input files
get put into pages. And, oh yeah, we now produce updated RIPE links.
So, there are many reasons to upgrade or just to give it a try.
You can learn more and download your copy from:
We hope this new version brings you happier Snorting.
P.s. If someone could add this version to snort's contrib directory,
that'd be great.
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: IDS Solutions --- *|
|* hoagland at ...47..., http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|
More information about the Snort-users