[Snort-users] Rate of alert

Denis Sacchet mailinglist at ...13903...
Fri Aug 25 09:31:48 EDT 2006


Hello everybody,

I wonder if 60 unique alerts (for about 10000 alerts) is normal for a
snort configuration. Moreover, those alerts seem to not correspond
every time, and I adjust my rules to filter, for example, vulnerabilities on
an IMAP server type, but my IMAP server is not of this type, IIS attacks
on an Apache web server, etc.

Perhaps something is wrong in the configuration used.

Thanks for your point of view and your input about the number of alerts
and the type.

Best regards

Denis Sacchet



