[Snort-users] Excluding $HOME_NET -> $HOME_NET Alerts

Michael Boman michael.boman at ...4162...
Mon May 20 17:49:02 EDT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 21 May 2002 00:21, Ed Kasky wrote:
> Michael,
>
> The only problem with this is that it changes the "Signature" description
> of each Alert to "(External) Incoming
> traffic."
>
> Can it be done without the msg description so that it leaves Snort's
> description?
>
> Ed
> ~~

But of course. The 'msg:"some message here";' keyword has nothing to do with 
how the signature rule work, so you can change it to what-ever you want.

Best regards
 Michael Boman

- -- 
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE86Zjpds5fQJiraJwRAmn3AJ0VA3LRurizW9Oj2busD8Cs5vjQSwCgvLgM
lEWTvhPyLdE6tEBGaChMWFc=
=aUKk
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list