tslighter at ...5174...
Wed Jan 15 08:00:48 EST 2003
If what I am about to say is already present and available, then please
disregard this post.
Otherwise, what are the possibilities for implementing event propagation
features into snort? Say, for example, snort alerts for a SubSeven Scan;
as everyone knows, this can generate thousands of alerts. Is it
possible to build into the code or the conf/rules files an option that would
instruct snort to stop logging for this alert based upon the source address
and after "x" number of similar alerts for "x" amount of time?
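The per-source suppression asked about above, sketched as a stand-alone filter over alert records. This is an added example, not part of the original post and not Snort code; the class name, its parameters, and the sample alerts are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class _State:
    window_start: float = 0.0   # when the current counting window began
    count: int = 0              # alerts logged in the current window
    mute_until: float = 0.0     # alerts before this time are dropped
    suppressed: int = 0         # how many alerts were dropped so far


class AlertLimiter:
    """Log up to max_alerts per (signature, source) within `window` seconds,
    then stop logging that pair for `mute` seconds."""

    def __init__(self, max_alerts, window, mute):
        self.max_alerts, self.window, self.mute = max_alerts, window, mute
        self.state = {}

    def allow(self, ts, sig, src):
        st = self.state.setdefault((sig, src), _State())
        if ts < st.mute_until:              # still muted: drop and count it
            st.suppressed += 1
            return False
        if st.count == 0 or ts - st.window_start >= self.window:
            st.window_start, st.count = ts, 0   # start a fresh window
        st.count += 1
        if st.count >= self.max_alerts:     # limit hit: mute this pair
            st.mute_until, st.count = ts + self.mute, 0
        return True


def sample_alerts():
    # Constructed records: (timestamp in seconds, signature label, source IP)
    noisy = [(t, "SubSeven scan", "192.0.2.5") for t in range(10)]
    other = [(3, "SubSeven scan", "192.0.2.9")]
    later = [(70, "SubSeven scan", "192.0.2.5")]
    return sorted(noisy + other + later)


def run_demo(max_alerts=3, window=60, mute=60):
    limiter = AlertLimiter(max_alerts, window, mute)
    logged = [a for a in sample_alerts() if limiter.allow(*a)]
    return logged, limiter


if __name__ == "__main__":
    logged, limiter = run_demo()
    for ts, sig, src in logged:
        print(f"t={ts:>3}s  {src}  {sig}")
    for (sig, src), st in limiter.state.items():
        print(f"{src}: {st.suppressed} suppressed")
```

Keying the state on both signature and source keeps a quiet host's alerts visible while a noisy one is muted, and the per-key `suppressed` counter preserves how much was dropped.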