[Snort-users] Smb output
frank at ...9761...
Thu Jul 22 20:18:47 EDT 2004
On Thu, 2004-07-22 at 08:34, Joshua Berry wrote:
> If someone were to rewrite it I think it would be better to follow the
> flexresp method, where you can add an option to a rule to send a
> WinPopUp on alerts that are most important to you. That way analysts
> wouldn't be inundated with the WinPopUp's.

Good idea. However, it's probably better to use a custom log type
instead of using an option within the rule syntax. For example:

    alert ip ...     -> Into database or what-not
    alertSMB ip ...  -> Into database and SMB alert.
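
Added example (not part of the original message and not Snort project code): one way to express the "custom log type" idea above with Snort's ruletype declaration in snort.conf, assuming a Snort build that still includes the alert_smb output plugin. The type name alertSMB follows the message; the database parameters, the workstation.list file name, and both sample rules are constructed placeholders.

```conf
# snort.conf fragment (added example; every value below is a placeholder)

# Rules written with the built-in "alert" action use the globally
# declared output: here, the database only.
output database: alert, mysql, user=snort dbname=snort host=localhost

# Custom rule type. It behaves like "alert", but events from rules of this
# type go to the outputs listed inside the block: the database AND a
# WinPopup message to the listed workstations.
ruletype alertSMB
{
    type alert
    output database: alert, mysql, user=snort dbname=snort host=localhost
    # workstation.list holds one NetBIOS machine name per line (assumed name)
    output alert_smb: workstation.list
}

# Routine signature: logged to the database, no popup (constructed rule).
alert tcp any any -> $HOME_NET 80 (msg:"EXAMPLE routine event"; sid:1000001; rev:1;)

# High-priority signature: identical rule syntax, only the type keyword
# changes, so analysts get a popup for this one alone (constructed rule).
alertSMB tcp any any -> $HOME_NET 22 (msg:"EXAMPLE high-priority event"; sid:1000002; rev:1;)
```

Keeping the popup decision in the rule type rather than in a per-rule option means the set of noisy-versus-urgent signatures can be changed by editing one keyword, and the list of notified workstations lives in a single place.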