[OT] [Snort-users] Firing off Abuse email based on Snort Traffic

james hackerwacker at ...9340...
Fri May 30 16:57:05 EDT 2003


I think securityfocus or incidents.org allow you to up load your snort
files and then select  who gets an abuse e-mail. With thousands of alerts a day
it just became too much to deal with, as many alerts do not deserve an e-mail.

Snort Snarf has a XML function that allows you to view the alerts and send e-mails right
from the web page. Have not played with this one yet. 

Key here is that human intervention and decisions need to be made before e-mails are sent.

james




More information about the Snort-users mailing list