[Snort-users] Rate of alert
mailinglist at ...13903...
Fri Aug 25 09:31:48 EDT 2006
I wonder if 60 unique alerts (for about 10000 alerts) is normal for a
snort configuration. Moreover, those alerts seems to not correspond
every time, and I adjust my rules to filter for example vulnerability on
IMAP server type, but my IMAP server is not of this type, IIS attack
onto apache web server, etc ...
Perhaps something is wrong in the configuration used.
Thanks for your point of view and your input about the number of alert
and the type;
More information about the Snort-users