[Snort-users] Grouping Portscans

Derrick Lichti dlichti at ...7267...
Mon Oct 28 12:23:05 EST 2002


Hi;
 
I've been looking for a method to clean up my alerts from Snort 1.9.0 running on FreeBSD 4.6.2 with ACID 0.9.6b22 as the interface and MySQL 3.23.51 as the DB. Does anybody know of a method to group all portscan alerts from the spp_portscan2 processor? In other words, instead of having 4000 portscan alerts, I'd like to group them as '1' portscan alert with 4000 recurring instances, many with different IPs.
 
Thanks in advance,
Derrick