[Snort-users] sending alerts by email / active response Win2K system [RMC-J7FLJI4]

Romulo M. Cholewa rmc at ...8111...
Mon Jan 27 20:05:07 EST 2003


Hi All,

Sorry about this bunch of newbie questions. I'm in the process of evaluating Snort, and it's being used on Windows 2000 Server. Everything is running really smoothly. I had a BSOD, but I think it's related to the packet capture driver version.

I would like to ask experienced Snort users if there are any ways of emailing some alerts (maybe a Perl script of some sort that would parse the alert.ids file and send emails if it finds a specific alert). Also, are there any ways of automating the process of dynamically filtering out some kinds of attacks? I already know that it will not be easy with Windows 2000, but maybe Snort can be used together with some firewall / filtering product available. Currently using Zone Alarm Pro.

If these things are possible, I would like to thank in advance anyone who could point me in the right direction.

Thanks again,

Romulo M. Cholewa
Home : http://www.rmc.eti.br
Forum: http://zeus.rmc.eti.br/forum
PGP Keys Available @ website.

    "Those who make peaceful revolution impossible will make    
             violent revolution inevitable." -- JFK.             
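
A sketch of the approach asked about above, added here as an example and not part of the original post: it parses Snort alert text and builds one digest e-mail for a watch list of SIDs. It is written in Python rather than Perl and assumes alert.ids holds Snort's full or fast alert format; the sample alerts, addresses and function names are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Every alert, in full or fast mode, carries "[**] [gid:sid:rev] message [**]".
HEADER = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")
STAMP = re.compile(r"\d\d/\d\d-\d\d:\d\d:\d\d\.\d+")
ADDR = r"(\d+(?:\.\d+){3}(?::\d+)?)"
FLOW = re.compile(ADDR + r"\s+->\s+" + ADDR)

# Constructed sample: one full-mode alert, then one fast-mode alert.
SAMPLE = """\
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
01/27-19:58:11.402113 10.0.0.5:3127 -> 192.168.1.10:80
TCP TTL:116 TOS:0x0 ID:4242 IpLen:20 DgmLen:112 DF

01/27-19:59:40.000812  [**] [1:469:1] ICMP PING NMAP [**] [Priority: 2] {ICMP} 10.0.0.7 -> 192.168.1.10
"""

def parse_alerts(text):
    """Return one dict per alert; a record runs from one header to the next."""
    records = []
    for line in text.splitlines():
        if HEADER.search(line):
            records.append([line])
        elif records and line.strip():
            records[-1].append(line)
    alerts = []
    for rec in records:
        raw = "\n".join(rec)
        _gid, sid, _rev, msg = HEADER.search(raw).groups()
        stamp, flow = STAMP.search(raw), FLOW.search(raw)
        alerts.append({"sid": int(sid), "msg": msg, "raw": raw,
                       "time": stamp.group(0) if stamp else None,
                       "src": flow.group(1) if flow else None,
                       "dst": flow.group(2) if flow else None})
    return alerts

def build_mail(alerts, watch_sids, sender, recipient):
    """Build one digest mail for alerts whose SID is watched, else None."""
    hits = [a for a in alerts if a["sid"] in watch_sids]
    if not hits:
        return None
    mail = EmailMessage()
    mail["From"], mail["To"] = sender, recipient
    # Only a count goes into the header; log text stays in the body.
    mail["Subject"] = f"Snort: {len(hits)} watched alert(s)"
    mail.set_content("\n\n".join(a["raw"] for a in hits))
    return mail
```

The returned message can be handed to `smtplib.SMTP(...).send_message()`. A scheduled run would also need to remember how far into the file it has already read, so the same alert is not mailed twice.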
                                                                 
                                                                 



