[Snort-users] Smb output

Frank Knobbe frank at ...9761...
Thu Jul 22 20:18:47 EDT 2004


On Thu, 2004-07-22 at 08:34, Joshua Berry wrote:
> If someone were to rewrite it I think it would be better to follow the
> flexresp method, where you can add an option to a rule to send a
> WinPopUp on alerts that are most important to you.  That way analysts
> wouldn't be inundated with the WinPopUps.

Good idea. However, it's probably better to use a custom log type
instead of using an option within the rule syntax. For example:

    alert ip ... -> Into database or what-not
    alertSMB ip ... -> Into database and SMB alert.

Regards,
Frank
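
Added example, not part of the original message: one way to express the "custom log type" idea above, assuming Snort 2.x's ruletype declaration in snort.conf is the mechanism used. The type name alertSMB follows the message; the database parameters, the workstation list file name and the sample rule are constructed, and alert_smb assumes a Snort build with SMB alerts enabled.

```conf
# snort.conf fragment (constructed example)
#
# Custom rule type: behaves like "alert", but its events go to both the
# database plugin and the WinPopup (SMB) plugin. workstations.list is a
# placeholder file holding the NetBIOS names of the machines to notify.
ruletype alertSMB
{
    type alert
    output database: alert, mysql, user=snort dbname=snort host=localhost
    output alert_smb: workstations.list
}

# Only rules written with the custom type raise a popup; rules that use
# the built-in "alert" action keep the globally configured outputs.
alertSMB tcp any any -> $HOME_NET 445 (msg:"Constructed high-priority rule"; sid:1000001; rev:1;)
```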