[Snort-users] SFS version 1.0 - Snort alerts analysis tool
orit at ...12437...
Wed Sep 15 13:05:59 EDT 2004
Thank you for your interest in Securimine.
How does SFS calculate the 'threat level' in its 'Top Threats Report'?
SFS defines a behavioral model based on logs of events gathered by your
system. SFS then assigns a threat level for each group of alerts,
according to the deviation of this group from the normal behavior of
your specific system. The threat level is calculated as a percentage from
0% (no threat - this group of alerts represents behavior that happens in
the system regularly) to 100% (highest threat - SFS could not find any
similar behavior in the behavioral model).
You can find answers to this and other questions at:
If you have additional questions, please let me know.
From: Chris Green [mailto:cmg at ...671...]
Sent: Wednesday, September 15, 2004 12:36 PM
To: Orit Vidas
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] SFS version 1.0 - Snort alerts analysis tool
Orit Vidas <orit at ...12437...> writes:
> SFS version 1.0 may be downloaded for free from the Securimine
> website at: www.securimine.com
How do you determine "Threat level"?
Attack-Response Invalid URL is the highest threat level on the sample
Chris Green <cmg at ...1121...>
"I'm beginning to think that my router may be confused."
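
An added illustration, not part of the original thread and not SFS's own algorithm, which the message does not disclose: one way to score alert groups by deviation from a baseline, from 0% (seen regularly) to 100% (nothing similar in the baseline). The grouping key, the similarity measure and the sample alerts are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sample history of alerts: (day, signature, source, destination).
HISTORY = [
    (1, "ICMP PING NMAP", "10.0.0.5", "10.0.0.1"),
    (2, "ICMP PING NMAP", "10.0.0.5", "10.0.0.1"),
    (3, "ICMP PING NMAP", "10.0.0.5", "10.0.0.1"),
    (4, "ICMP PING NMAP", "10.0.0.5", "10.0.0.1"),
    (1, "WEB-MISC robots.txt access", "192.0.2.10", "10.0.0.80"),
    (3, "WEB-MISC robots.txt access", "192.0.2.10", "10.0.0.80"),
]


def build_baseline(history):
    """Map each alert group to its regularity: the fraction of days it was seen."""
    days = {day for day, *_ in history}
    seen = defaultdict(set)
    for day, sig, src, dst in history:
        # Assumption: a "group" is the (signature, source, destination) triple.
        seen[(sig, src, dst)].add(day)
    return {group: len(d) / len(days) for group, d in seen.items()}


def threat_level(group, baseline):
    """Return 0..100: how far `group` deviates from the baseline behavior."""
    best = 0.0
    for known, regularity in baseline.items():
        # Assumption: similarity is the share of identical fields, weighted
        # by how regularly the matching baseline group occurs.
        overlap = sum(a == b for a, b in zip(group, known)) / len(group)
        best = max(best, overlap * regularity)
    return round(100 * (1 - best))


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    candidates = [
        ("ICMP PING NMAP", "10.0.0.5", "10.0.0.1"),                 # daily noise
        ("WEB-MISC robots.txt access", "192.0.2.10", "10.0.0.80"),  # every other day
        ("ICMP PING NMAP", "203.0.113.9", "10.0.0.22"),             # known rule, new hosts
        ("ATTACK-RESPONSES Invalid URL", "10.0.0.80", "198.51.100.7"),  # never seen
    ]
    for group in candidates:
        print(f"{threat_level(group, baseline):3d}%  {group}")
```

Under a scheme like this, the score reflects rarity relative to the local baseline rather than the severity of the rule itself, so an alert type that has never fired on a given network ranks at the top regardless of its priority in the ruleset.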