[Snort-users] Correlation on Snort Events

Kamal Ahmed Kamal.Ahmed at ...12472...
Mon Sep 5 21:23:17 EDT 2005


Hi,

What snort can do is (as per my understanding) is to generate events
based on rules, or to sniff/snoop network traffic, this is all well and
good, but I do not see a person going thru every log message to find out
meaningful information, regarding what the packet actually meant to do
(in case of any intrusion type attack). Is there a correlation engine ,
which can have rules like:

If message A is received which contains X text, and within N amount of
time another message B is received on the wire, containing Y text ,
generate an log message , and also send an e-mail to (let's say Security
Administrator)

Thanks,

-Kamal.




More information about the Snort-users mailing list