[Snort-users] Real Time Alert and Variables

Nicholas Horton fivetenets at ...14399...
Fri Jan 25 12:08:21 EST 2013


Perfect. Thanks. Ill take a look in the manual. 

Nick

On Jan 25, 2013, at 12:00 PM, Y M <snort at ...15979...> wrote:

> You can also use custom action types. You define them in snort.conf file, and use the new custom action type with your rules. Sorry can't provide resources at the moment, but it should be in the manual.
> 
> YM
> From: Nicholas Horton
> Sent: ‎1/‎25/‎2013 7:26 PM
> To: Snort Users
> Subject: [Snort-users] Real Time Alert and Variables
> 
> Is swatch still the best, only, current solution to kick off a script with variables such as source ip based on a specific snort alert?
> 
> Nick
> 
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnnow-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130125/b6976fd3/attachment.html>


More information about the Snort-users mailing list