[Snort-users] Time Based IDS Rules

Josh Berry josh.berry at ...10221...
Mon Nov 17 13:19:03 EST 2003


Has there ever been any discussion/development done on potentially adding
time options to IDS signatures?

Like the time module for IPTables, where you can specify days that the
rule will be active and the time of day?

This would be useful for instances where there are high degrees of false
positives at certain times of the day, but should not be any activity at
others.  In my company, we do a lot of development that triggers several
of the WEB-XXX rules during the day, but the kind of traffic I would never
expect to see at night.




More information about the Snort-users mailing list