[Snort-users] Segregating drop alerts

Glenn Forbes Fleming Larratt gl89 at ...1712...
Fri May 22 09:24:22 EDT 2015


Dear Anshuman,

Can you clarify what you mean by "drop alerts"?

I don't know anything about Snorby, but my experience of Snort in 
vanilla configuration is that

  - an "alert" rule will log both an alert and the packet;
  - a "drop" rule will silently ignore the packet.

Best,
-- 
Glenn Forbes Fleming Larratt
Cornell University IT Security Office

> From: Anshuman Anil Deshmukh [mailto:anshuman at ...16510...]
> Sent: Friday, May 15, 2015 12:23 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Segregating drop alerts
>
> Hi,
>
> We have some rules set as drop and we are using Snorby as our web 
> interface. We were trying to see if we can segregate the drop alerts but 
> couldn't find any option. Has anybody worked on this and suggest how 
> this can be done? 
>
> https://groups.google.com/forum/#!topic/snorby/YCSzsmDRAIY
>
> Regards,
> Anshuman Anil Deshmukh | Sr. IS Analyst - Security
> Cybage Software Pvt. Ltd. (An SEI-CMMI Level 5 assessed & ISO 27001 company)
> Phone : 91-20-66041700, 91-20-66044700 (Ext. 6114)
> Fax: 91-20-66041701 & 66041702
> Cell: 91-99230-51641
>
>
> "Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or attachment." www.cybage.com<http://www.cybage.com>
>
> "Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or attachment." www.cybage.com
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>
> ------------------------------
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-users
>
>
> End of Snort-users Digest, Vol 108, Issue 41
> ********************************************
>




More information about the Snort-users mailing list