[Snort-users] activate dynamic
tslighter at ...5174...
Tue Jul 22 10:05:09 EDT 2003
I see that you understand the goal here. Ultimately it would be a highly
useful feature in snort. thanks
From: Erek Adams [mailto:erek at ...950...]
Sent: Tuesday, July 22, 2003 7:55 AM
To: Slighter, Tim
Cc: Snort-Users (E-mail)
Subject: RE: [Snort-users] activate dynamic
On Tue, 22 Jul 2003, Slighter, Tim wrote:
> yes precisely. or the other way around too...where the number of times a
> rule is fired is counted and then to STOP alerting when it reaches a
Nope. No thresholding of any type.
Now, there is a possible workaround...
Use swatch and it's 'throttle' option. That will perform almost as you
want. Then once that threshold is done, have swatch cause a very specific
alert that actually generates the data you want.
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users