[Snort-users] Grouping Portscans

Derrick Lichti dlichti at ...7267...
Mon Oct 28 12:23:05 EST 2002

I've been looking for a method to clean up my alerts from Snort 1.9.0 running on FreeBSD 4.6.2 with ACID 0.9.6b22 as the interface and MySQL 3.23.51 as the DB. Does anybody know of a method to group all portscan alerts from the spp_portscan2 processor? In other words, instead of having 4000 portscan alerts, I'd like to group them as '1' portscan alert with 4000 recurring instances, many with different IPs.
Thanks in advance,