[Snort-users] Snort and real-time alerting

Jeremy Hoel jthoel at ...11827...
Wed May 23 11:03:31 EDT 2012


Sguil can do auto email on some events only. It can email by
category, priority or just sid.

On Wed, May 23, 2012 at 2:57 PM, Lay, James <james.lay at ...15009...> wrote:
>> -----Original Message-----
>> From: Jeronimo L. Cabral [mailto:jelocabral at ...11827...]
>> Sent: Wednesday, May 23, 2012 8:52 AM
>> To: snort-users at lists.sourceforge.net
>> Subject: Re: [Snort-users] Snort and real-time alerting
>>
>> Something else: suppose I use logsurfer/swatch/logwatch to alert in
>> real time on the Snort events. Actually I have nearly 5 events per minute.
>>
>> What are the criteria to take just a small number of critical events from
>> Snort? Because I have 20.000 signatures...
>>
>
> Have the watching app look for specific things...perhaps only certain
> classifications ("A Network Trojan was Detected") or something of the
> like.
>
> James
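
An added example, not part of the original thread: a filter a log-watching tool could run over Snort "fast" alert lines, selecting events by classification, priority or sid as the replies suggest. The policy values, sids, messages and sample lines are constructed for illustration.

```python
import re

# Snort "fast" alert line:
# ts [**] [gid:sid:rev] msg [**] [Classification: x] [Priority: n] {proto} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"   # absent on some alerts
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

# Hypothetical notification policy (assumption): tune to your own rule set.
NOTIFY_CLASSES = {"A Network Trojan was Detected"}
NOTIFY_PRIORITIES = {1}
NOTIFY_SIDS = {1000003}          # constructed sid, local-rule range

def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not a fast alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["sid"], alert["prio"] = int(alert["sid"]), int(alert["prio"])
    return alert

def should_notify(alert):
    """True if the alert matches the classification, priority or sid policy."""
    return (alert["cls"] in NOTIFY_CLASSES
            or alert["prio"] in NOTIFY_PRIORITIES
            or alert["sid"] in NOTIFY_SIDS)

def select(lines):
    """Split lines into (alerts worth a notification, lines that failed to parse)."""
    notify, unparsed = [], []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            unparsed.append(line)    # surface these instead of dropping silently
        elif should_notify(alert):
            notify.append(alert)
    return notify, unparsed

# Constructed sample log lines (documentation IP ranges, made-up sids and messages).
SAMPLE = [
    "05/23-11:03:31.104512  [**] [1:1000001:1] CONSTRUCTED trojan checkin [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.0.2.10:1045 -> 198.51.100.5:80",
    "05/23-11:03:33.220011  [**] [1:1000002:2] CONSTRUCTED misc event [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.0.2.11:5353 -> 198.51.100.6:53",
    "05/23-11:03:35.871200  [**] [1:1000003:1] CONSTRUCTED watched rule [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.12:2201 -> 198.51.100.7:443",
    "05/23-11:03:40.000001  [**] [1:1000004:1] CONSTRUCTED ping sweep [**] [Priority: 3] {ICMP} 192.0.2.7 -> 198.51.100.9",
    "05/23-11:03:41.5 [**] truncated li",
]
```

Of the five constructed lines, only the trojan-classified alert and the explicitly watched sid are selected; the truncated line is returned separately so a broken log feed is noticed.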
