[Snort-users] Snorby Portscan Detection Failiure

Davison, Charles Robert cdaviso1 at ...17214...
Wed Aug 26 09:45:53 EDT 2015


Good Morning,


I have configured my port-scan preprocessor as follows:


[cid:1835172e-441f-49b3-b0eb-88c02254e7e2]


I run nmap against this box and nothing gets displayed in Snorby? I did make sure that my unified 2 output is getting piped over to Snorby, but so far i only see my ICMP test rule I created and no port-scan detection... is there something I am missing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150826/67412fad/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pastedImage.png
Type: image/png
Size: 10690 bytes
Desc: pastedImage.png
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150826/67412fad/attachment.png>


More information about the Snort-users mailing list