[Snort-users] SFS version 1.0 - Snort alerts analysis tool

Orit Vidas orit at ...12437...
Wed Sep 15 13:05:59 EDT 2004


Thank you for your interest in Securimine.

How does SFS calculate the 'threat level' in its 'Top Threats Report'?

SFS defines a behavioral model based on logs of events gathered by your
system. SFS then assigns a threat level to each group of alerts,
according to the deviation of this group from the normal behavior of
your specific system. The threat level is calculated as a percentage from
0% (no threat - this group of alerts represents behavior that happens in
the system regularly) to 100% (highest threat - SFS could not find any
similar behavior in the behavioral model).

You can find answers to this and other questions at:

If you have additional questions, please let me know.

- Orit

-----Original Message-----
From: Chris Green [mailto:cmg at ...671...] 
Sent: Wednesday, September 15, 2004 12:36 PM
To: Orit Vidas
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] SFS version 1.0 - Snort alerts analysis tool

Orit Vidas <orit at ...12437...> writes:

> SFS version 1.0 may be downloaded for free from the Securimine
> website at: www.securimine.com

How do you determine "Threat level"?

Attack-Response Invalid URL is the highest threat level on the sample
Chris Green <cmg at ...1121...>
"I'm beginning to think that my router may be confused."
