[Snort-users] Grouping Portscans

Derrick Lichti dlichti at ...7267...
Wed Oct 23 13:49:04 EDT 2002


Hi;
 
I've been looking for a method to clean up my alerts from Snort 1.9.0 running on FreeBSD 4.6.2 with ACID 0.9.6b22 as the interface and MySQL 3.23.51 as the DB. Does anybody know of a method to group all portscan alerts from the spp_portscan2 processor? In other words, instead of having 4000 portscan alerts, I'd like to group them as '1' portscan alert with 4000 recurring instances.
 
Thanks in advance,
Derrick